Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: GVU-Trojaner mit Webcam

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML

Antwort
Alt 04.07.2012, 17:06   #1
TomK
 
GVU-Trojaner mit Webcam - Standard

GVU-Trojaner mit Webcam



Hallo zusammen,
habe mir den allseits-bekannten GVU-Trojaner in einem Fußball-Video (!!!) eingefangen. Pc funktioniert wieder einwandfrei, Malewarebytes hat eine infizierte Datei gefunden, die ich sofort gelöscht hab (da in TEMP-Ordner). Betriebssystem ist Windows 7 64bit. Log-Datei von Malewarebytes ist angehängt.

Vielen Dank Schonmal!


Alt 04.07.2012, 19:10   #2
markusg
/// Malware-holic
 
GVU-Trojaner mit Webcam - Standard

GVU-Trojaner mit Webcam



Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die
    OTL.exe
    .
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die
    Textbox.
Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere
    nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread
__________________

__________________

Alt 04.07.2012, 19:27   #3
TomK
 
GVU-Trojaner mit Webcam - Standard

GVU-Trojaner mit Webcam



Hallo, danke für die schnelle Antwort!

Hier die Log-Dateien:

otl.txt
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 04.07.2012 20:14:05 - Run 1
OTL by OldTimer - Version 3.2.53.1     Folder = C:\Users\Thomas\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 6,23 Gb Available Physical Memory | 77,99% Memory free
15,96 Gb Paging File | 13,68 Gb Available in Paging File | 85,67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,69 Gb Total Space | 24,32 Gb Free Space | 21,77% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 10,74 Gb Free Space | 4,61% Space Free | Partition Type: NTFS
 
Computer Name: THOMAS-PC | User Name: Thomas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.04 20:12:31 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Thomas\Desktop\OTL.exe
PRC - [2012.05.30 13:56:52 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Thomas\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.04.30 22:48:35 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.04.17 15:05:00 | 000,651,264 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.03.30 04:18:51 | 003,537,920 | ---- | M] (sw4you, Siegfried Weckmann) -- C:\Program Files (x86)\Hardcopy\hardcopy.exe
PRC - [2012.03.23 14:25:24 | 000,087,040 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2012.01.19 11:06:50 | 000,032,256 | ---- | M] () -- C:\Program Files (x86)\Hardcopy\hcdll2_ex_Win32.exe
PRC - [2012.01.18 07:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.12.05 14:34:56 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2011.09.01 03:22:18 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2011.02.23 22:19:22 | 000,371,200 | ---- | M] (shbox.de) -- C:\Program Files (x86)\FreePDF_XP\fpassist.exe
PRC - [2010.11.05 23:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.11.05 23:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.03.23 14:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.15 08:28:21 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\2e16482769fcdf856919e292a968f16c\IAStorUtil.ni.dll
MOD - [2012.06.14 08:19:15 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
MOD - [2012.06.14 08:19:02 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.06.14 08:18:57 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.05.11 08:33:22 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\3b2b9f4ec1819e4b95792d92f56d26f9\IAStorCommon.ni.dll
MOD - [2012.05.11 08:30:39 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012.05.11 08:30:38 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll
MOD - [2012.05.11 08:30:15 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012.05.11 08:30:12 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.11 08:30:10 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.11 08:30:10 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.11 08:30:07 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012.04.17 15:05:00 | 001,515,520 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\Maps\R66Api.dll
MOD - [2012.04.17 15:05:00 | 000,651,264 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
MOD - [2012.04.17 15:05:00 | 000,559,244 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.7.dll
MOD - [2012.04.17 15:05:00 | 000,516,599 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.dll
MOD - [2012.04.17 15:05:00 | 000,389,120 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\HtcDetect.dll
MOD - [2012.04.17 15:05:00 | 000,172,032 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetectLegend.dll
MOD - [2012.04.17 15:05:00 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDisk.dll
MOD - [2012.04.17 15:05:00 | 000,103,936 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\OutputLog.dll
MOD - [2012.04.17 15:05:00 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\fdHttpd.dll
MOD - [2012.03.21 14:10:22 | 002,941,440 | ---- | M] () -- C:\Program Files (x86)\Hardcopy\HcDllS.dll
MOD - [2012.03.09 09:46:20 | 000,110,080 | ---- | M] () -- C:\Program Files (x86)\Hardcopy\HcDLL2_36_Win32.dll
MOD - [2012.02.20 22:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.02.20 22:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012.01.19 11:06:50 | 000,032,256 | ---- | M] () -- C:\Program Files (x86)\Hardcopy\hcdll2_ex_Win32.exe
MOD - [2012.01.07 10:54:16 | 000,047,616 | ---- | M] () -- C:\Program Files (x86)\Hardcopy\hardcopy_04.dll
MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.04 17:58:06 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009.07.14 19:58:10 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2012.03.26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012.03.26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011.05.24 23:03:38 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.06.17 10:26:19 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.06.05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.30 13:56:52 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.04.30 22:48:35 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.04.04 21:08:12 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.03.23 14:25:24 | 000,087,040 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2012.01.18 07:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.12.05 14:34:56 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2011.09.01 03:22:18 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor10.0)
SRV - [2010.11.05 23:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010.03.23 14:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.01.18 07:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech HD Webcam C310(UVC)
DRV:64bit: - [2012.01.18 07:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011.10.24 18:39:54 | 000,066,328 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGSHidFilt.Sys -- (LGSHidFilt)
DRV:64bit: - [2011.08.01 15:59:06 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011.08.01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011.05.25 00:26:56 | 009,359,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.05.24 22:25:42 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.03.30 14:46:44 | 000,114,704 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.08 13:30:52 | 000,064,512 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2011.02.08 13:30:52 | 000,039,936 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2010.11.20 05:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 03:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.05 23:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.10.19 16:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010.06.25 16:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2010.06.23 17:10:56 | 000,344,680 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.03.23 14:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010.03.19 04:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010.02.08 09:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2009.11.24 03:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009.11.02 18:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009.10.07 14:48:28 | 000,024,560 | ---- | M] (Cyberlink Co.,Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\CLBStor.sys -- (CLBStor)
DRV:64bit: - [2009.10.07 14:48:26 | 000,376,304 | ---- | M] (CyberLink Corporation.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\CLBUDF.sys -- (CLBUDF)
DRV:64bit: - [2009.07.14 16:36:28 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:35:36 | 000,867,328 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.04.10 12:58:52 | 000,014,720 | ---- | M] (ROCCAT Development, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ValoFltr.sys -- (ValFltr)
DRV:64bit: - [2008.11.16 19:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV - [2011.10.15 14:40:27 | 000,014,544 | ---- | M] (OpenLibSys.org) [Kernel | Auto | Running] -- C:\Users\Thomas\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries25.gadget\WinRing0x64.sys -- (WinRing0_1_2_0)
DRV - [2010.01.19 16:10:38 | 000,146,928 | ---- | M] (CyberLink Corp.) [2011/10/17 14:17:58] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl -- ({B154377D-700F-42cc-9474-23858FBDF4BD})
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CD C4 8B 88 F7 89 CC 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.116.0: C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.17 10:26:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.20 12:51:34 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.17 10:26:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.20 12:51:34 | 000,000,000 | ---D | M]
 
[2011.12.26 18:40:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\Extensions
[2011.12.26 18:40:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012.05.02 19:00:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\evgnoy8d.default\extensions
[2012.06.15 08:16:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.06.15 08:16:03 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.06.17 10:26:20 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.12.09 19:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.01.07 23:58:50 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.07 23:58:50 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.01.07 23:58:50 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.07 23:58:50 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.07 23:58:50 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.07 23:58:50 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - Startup: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Thomas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Outlook 2010.lnk = C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\outicon.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.7.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{088E31CA-7CEA-497B-9BC2-A354B4EB49F4}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{13B5FBCC-D6F6-4C0E-B291-C89DF70748B7}: NameServer = 192.168.111.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A565CC81-69B4-44AB-965B-D6DFE1DCDE06}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\saphtmlp - No CLSID value found
O18:64bit: - Protocol\Handler\sapr3 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll (SAP, Walldorf)
O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll (SAP, Walldorf)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0dbf91d2-f8a7-11e0-a68f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0dbf91d2-f8a7-11e0-a68f-806e6f6e6963}\Shell\AutoRun\command - "" = F:\BD-COMBO.exe
O33 - MountPoints2\{5a3282c0-f693-11e0-8d04-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5a3282c0-f693-11e0-8d04-806e6f6e6963}\Shell\AutoRun\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{5a3282c0-f693-11e0-8d04-806e6f6e6963}\Shell\configure\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{5a3282c0-f693-11e0-8d04-806e6f6e6963}\Shell\install\command - "" = G:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: BDRegion - hkey= - key= - C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink)
MsConfig:64bit - StartUpReg: CLMLServer - hkey= - key= - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig:64bit - StartUpReg: EADM - hkey= - key= - C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
MsConfig:64bit - StartUpReg: FreePDF Assistant - hkey= - key= - C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
MsConfig:64bit - StartUpReg: InstantBurn - hkey= - key= - C:\PROGRA~2\CYBERL~1\INSTAN~1\Win2K\IBurn.exe (CyberLink Corporation.)
MsConfig:64bit - StartUpReg: IntelliPoint - hkey= - key= - C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: LaCie EDBrowser Startup - hkey= - key= - C:\Program Files (x86)\LaCie\Ethernet Agent\LaCie Ethernet Agent.exe (LaCie SA)
MsConfig:64bit - StartUpReg: LaCie Ethernet Agent Startup - hkey= - key= - C:\Program Files\LaCie\Network Assistant\LaCie Network Assistant.exe (LaCie SA)
MsConfig:64bit - StartUpReg: LightScribe Control Panel - hkey= - key= - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
MsConfig:64bit - StartUpReg: Name of App - hkey= - key= - C:\Program Files (x86)\SAMSUNG\FW LiveUpdate\FWManager.exe ( )
MsConfig:64bit - StartUpReg: RemoteControl9 - hkey= - key= - C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: RGSC - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: RoccatValo - hkey= - key= - C:\Program Files (x86)\ROCCAT\Valo Keyboard\ValoMonitor.EXE (ROCCAT)
MsConfig:64bit - StartUpReg: Steam - hkey= - key= - D:\Spiele\Valve\Steam\steam.exe (Valve Corporation)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - StartUpReg: TomTomHOME.exe - hkey= - key= - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
MsConfig:64bit - StartUpReg: UpdatePPShortCut - hkey= - key= - C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: UpdatePSTShortCut - hkey= - key= - C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.04 20:12:29 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Thomas\Desktop\OTL.exe
[2012.07.04 17:20:56 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\Malwarebytes
[2012.07.04 17:20:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.04 17:20:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.04 17:20:48 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.04 17:20:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.04 17:05:58 | 000,000,000 | ---D | C] -- C:\ProgramData\B7E858A700048FE400244E3CB4EB2331
[2012.07.04 17:05:55 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\Iczyb
[2012.07.04 17:05:55 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\Doofwa
[2012.06.19 13:21:22 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2012.06.19 13:20:58 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\Htc
[2012.06.19 13:20:46 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\HTC
[2012.06.19 13:20:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC Sync
[2012.06.19 13:20:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC
[2012.06.19 13:20:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spirent Communications
[2012.06.19 13:20:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HTC
[2012.06.17 18:13:58 | 000,000,000 | ---D | C] -- C:\Users\Thomas\Desktop\Buch
[2012.06.17 10:39:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.06.17 10:39:31 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.06.17 10:39:30 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.06.17 10:39:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012.06.15 08:20:30 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\Macromedia
[2012.06.12 15:33:27 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.06.12 15:29:49 | 000,000,000 | ---D | C] -- C:\glassfish3
[2012.06.12 15:25:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\eclipse
[2012.06.05 17:01:42 | 000,000,000 | --SD | C] -- C:\Users\Thomas\Documents\Meine Shapes
[2011.10.17 14:08:19 | 001,531,392 | ---- | C] (Toshiba Samsung Storage Technology Corporation) -- C:\Users\Thomas\AppData\Roaming\tsdnwin.dll
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.04 20:15:19 | 001,628,660 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.04 20:15:19 | 000,702,486 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.04 20:15:19 | 000,657,198 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.04 20:15:19 | 000,150,182 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.04 20:15:19 | 000,122,970 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.04 20:12:31 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Thomas\Desktop\OTL.exe
[2012.07.04 20:10:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.04 20:10:31 | 2133,852,159 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.04 17:58:43 | 000,014,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.04 17:58:43 | 000,014,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.04 17:50:58 | 000,000,020 | ---- | M] () -- C:\Users\Thomas\defogger_reenable
[2012.07.04 17:22:38 | 000,001,344 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
[2012.07.04 17:09:12 | 004,503,728 | ---- | M] () -- C:\ProgramData\nud0repor.pad
[2012.06.17 11:49:23 | 000,052,396 | ---- | M] () -- C:\Users\Thomas\Desktop\TicketMachine - Quittung.pdf
[2012.06.17 11:48:40 | 000,204,651 | ---- | M] () -- C:\Users\Thomas\Desktop\Tickets-Kaltenberger-Ritterturnier.pdf
[2012.06.14 08:18:34 | 000,433,136 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.04 17:50:58 | 000,000,020 | ---- | C] () -- C:\Users\Thomas\defogger_reenable
[2012.07.04 17:05:46 | 004,503,728 | ---- | C] () -- C:\ProgramData\nud0repor.pad
[2012.06.17 11:49:23 | 000,052,396 | ---- | C] () -- C:\Users\Thomas\Desktop\TicketMachine - Quittung.pdf
[2012.06.17 11:48:39 | 000,204,651 | ---- | C] () -- C:\Users\Thomas\Desktop\Tickets-Kaltenberger-Ritterturnier.pdf
[2012.04.20 13:30:09 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012.01.19 22:20:16 | 000,007,605 | ---- | C] () -- C:\Users\Thomas\AppData\Local\Resmon.ResmonCfg
[2012.01.18 07:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012.01.18 07:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012.01.18 07:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2012.01.15 20:21:54 | 000,009,728 | ---- | C] () -- C:\Windows\SysWow64\HWLMSET2PS.dll
[2012.01.11 15:26:48 | 000,002,048 | -HS- | C] () -- C:\Users\Thomas\AppData\Local\{f823a6bb-9ce9-8270-7ddb-420c01e30a24}\@
[2011.11.17 14:01:24 | 001,064,960 | ---- | C] () -- C:\Windows\SysWow64\h5krnl32.dll
[2011.11.17 14:01:24 | 000,188,928 | ---- | C] () -- C:\Windows\SysWow64\h5icon32.dll
[2011.11.17 14:01:24 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\h5menu32.dll
[2011.11.17 14:01:24 | 000,095,744 | ---- | C] () -- C:\Windows\SysWow64\h5rtf32.dll
[2011.11.17 14:01:24 | 000,051,200 | ---- | C] () -- C:\Windows\SysWow64\h5tool32.dll
[2011.10.26 17:02:49 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.10.26 17:02:49 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.10.17 16:17:36 | 000,000,040 | ---- | C] () -- C:\ProgramData\ra3.ini
[2011.10.17 14:06:15 | 000,000,447 | ---- | C] () -- C:\Users\Thomas\AppData\Roaming\SamsungLiveUpdateConfig.ini
[2011.10.14 20:21:17 | 001,605,618 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.10.14 00:51:01 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.09.22 19:08:56 | 003,902,976 | ---- | C] () -- C:\Windows\SysWow64\ffmpeg.dll
[2011.08.22 21:07:48 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011.08.22 21:07:02 | 000,158,208 | ---- | C] () -- C:\Windows\SysWow64\ff_unrar.dll
[2011.08.22 21:07:00 | 000,259,584 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll
[2011.08.22 21:06:30 | 001,524,224 | ---- | C] () -- C:\Windows\SysWow64\ff_samplerate.dll
[2011.08.22 21:06:30 | 000,211,456 | ---- | C] () -- C:\Windows\SysWow64\ff_libdts.dll
[2011.08.22 21:06:30 | 000,097,280 | ---- | C] () -- C:\Windows\SysWow64\ff_wmv9.dll
[2011.08.22 21:06:28 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\ff_libfaad2.dll
[2011.08.22 21:06:28 | 000,113,664 | ---- | C] () -- C:\Windows\SysWow64\ff_liba52.dll
[2011.08.22 21:06:26 | 000,145,920 | ---- | C] () -- C:\Windows\SysWow64\ff_libmad.dll
[2011.08.22 21:06:26 | 000,136,704 | ---- | C] () -- C:\Windows\SysWow64\libmpeg2_ff.dll
[2011.05.30 15:42:50 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011.05.24 23:44:26 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.05.23 09:46:30 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.03.03 13:40:08 | 000,150,528 | ---- | C] () -- C:\Windows\SysWow64\mkx.dll
[2011.03.03 13:39:56 | 000,109,568 | ---- | C] () -- C:\Windows\SysWow64\avi.dll
[2011.03.03 13:39:46 | 000,141,824 | ---- | C] () -- C:\Windows\SysWow64\mp4.dll
[2011.03.03 13:39:34 | 000,123,392 | ---- | C] () -- C:\Windows\SysWow64\ogm.dll
[2011.03.03 13:39:02 | 000,113,152 | ---- | C] () -- C:\Windows\SysWow64\dsmux.exe
[2011.03.03 13:38:54 | 000,154,112 | ---- | C] () -- C:\Windows\SysWow64\ts.dll
[2011.03.03 13:38:40 | 000,249,856 | ---- | C] () -- C:\Windows\SysWow64\dxr.dll
[2011.03.03 13:38:10 | 000,097,792 | ---- | C] () -- C:\Windows\SysWow64\avs.dll
[2011.03.03 13:38:04 | 000,137,728 | ---- | C] () -- C:\Windows\SysWow64\mkv2vfr.exe
[2011.03.03 13:37:50 | 000,093,184 | ---- | C] () -- C:\Windows\SysWow64\avss.dll
[2011.03.03 13:37:40 | 000,358,400 | ---- | C] () -- C:\Windows\SysWow64\gdsmux.exe
[2011.03.03 13:35:32 | 000,080,384 | ---- | C] () -- C:\Windows\SysWow64\mkzlib.dll
[2011.03.03 13:35:26 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\mkunicode.dll
[2010.08.18 21:56:38 | 000,000,151 | ---- | C] () -- C:\Windows\SysWow64\Registration.ini
 
========== LOP Check ==========
 
[2012.01.29 16:05:27 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.10.14 22:27:37 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\DAEMON Tools Lite
[2012.07.04 17:06:01 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Doofwa
[2012.07.04 20:11:20 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Dropbox
[2012.01.22 13:26:51 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\FreePDF
[2012.06.19 13:20:59 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\HTC
[2012.06.19 13:21:22 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2012.07.04 17:05:55 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Iczyb
[2011.10.16 21:16:51 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\LaCie
[2011.12.26 18:36:08 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Leadertech
[2012.02.08 00:14:50 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\mp3DirectCut
[2011.10.26 16:22:10 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Origin
[2012.04.18 22:18:45 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\PunkBuster
[2011.10.17 16:22:19 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Red Alert 3
[2012.06.20 16:13:09 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\SAP
[2012.04.20 12:53:57 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Sparx Systems
[2011.12.23 21:39:27 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\streamripper
[2012.01.15 20:25:58 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\TeamViewer
[2012.01.03 14:45:55 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\TomTom
[2011.12.08 17:12:00 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\TS3Client
[2012.02.16 21:55:43 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\WDC
[2012.05.04 19:57:20 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2011.10.15 15:21:54 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.10.14 00:05:19 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2012.06.12 15:31:49 | 000,000,000 | ---D | M] -- C:\glassfish3
[2011.10.14 00:45:35 | 000,000,000 | ---D | M] -- C:\Intel
[2012.07.04 18:11:16 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.06.17 10:39:31 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.07.04 17:20:48 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.07.04 17:20:49 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.10.14 00:05:19 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.07.04 20:15:26 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.04.20 12:43:17 | 000,000,000 | ---D | M] -- C:\Taskleiste
[2011.10.15 15:21:50 | 000,000,000 | R--D | M] -- C:\Users
[2012.07.04 18:11:17 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 04:17:10 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010.11.20 05:24:46 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2011.02.26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2010.11.05 23:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\Windows\SysNative\drivers\iaStor.sys
[2010.11.05 23:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_710b330fb3531234\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 05:33:40 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 05:33:40 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 05:27:24 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 05:27:24 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 04:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 04:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 05:33:50 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 05:33:50 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 04:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 04:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 05:27:26 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 05:27:26 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 04:08:58 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 04:08:58 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 05:27:28 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 05:27:28 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 04:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 04:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 05:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 05:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 05:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 05:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.07.14 03:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
< %USERPROFILE%\*.* >
[2012.07.04 17:50:58 | 000,000,020 | ---- | M] () -- C:\Users\Thomas\defogger_reenable
[2012.07.04 20:17:01 | 004,456,448 | -HS- | M] () -- C:\Users\Thomas\ntuser.dat
[2012.07.04 20:17:01 | 000,262,144 | -HS- | M] () -- C:\Users\Thomas\ntuser.dat.LOG1
[2011.10.14 00:05:22 | 000,000,000 | -HS- | M] () -- C:\Users\Thomas\ntuser.dat.LOG2
[2011.10.14 00:07:16 | 000,065,536 | -HS- | M] () -- C:\Users\Thomas\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2011.10.14 00:07:16 | 000,524,288 | -HS- | M] () -- C:\Users\Thomas\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2011.10.14 00:07:16 | 000,524,288 | -HS- | M] () -- C:\Users\Thomas\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2012.07.04 17:45:18 | 000,065,536 | -HS- | M] () -- C:\Users\Thomas\ntuser.dat{8c519064-c5ea-11e1-abfe-002522ce0da1}.TM.blf
[2012.07.04 17:45:18 | 000,524,288 | -HS- | M] () -- C:\Users\Thomas\ntuser.dat{8c519064-c5ea-11e1-abfe-002522ce0da1}.TMContainer00000000000000000001.regtrans-ms
[2012.07.04 17:45:18 | 000,524,288 | -HS- | M] () -- C:\Users\Thomas\ntuser.dat{8c519064-c5ea-11e1-abfe-002522ce0da1}.TMContainer00000000000000000002.regtrans-ms
[2011.10.14 00:05:22 | 000,000,020 | -HS- | M] () -- C:\Users\Thomas\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

< End of report >
         
--- --- ---


Extras.txt
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 04.07.2012 20:14:05 - Run 1
OTL by OldTimer - Version 3.2.53.1     Folder = C:\Users\Thomas\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 6,23 Gb Available Physical Memory | 77,99% Memory free
15,96 Gb Paging File | 13,68 Gb Available in Paging File | 85,67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,69 Gb Total Space | 24,32 Gb Free Space | 21,77% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 10,74 Gb Free Space | 4,61% Space Free | Partition Type: NTFS
 
Computer Name: THOMAS-PC | User Name: Thomas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0CBD55B4-3CD6-4E65-A262-67FA73BCB7B5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{119EE193-F963-4704-BD6D-AA9A43D0ECB1}" = lport=139 | protocol=6 | dir=in | app=system | 
"{14CF6324-FB89-4656-AC72-ED83D78CCB50}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{202FFE1E-8FAF-4A7B-B2CD-14498CE56981}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{28BF0C22-91CE-42AC-BC7C-AE3A9954C0E9}" = rport=137 | protocol=17 | dir=out | app=system | 
"{2FCEF182-E388-42A8-A5DA-E5096F5DF611}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{351074DC-EEEC-4C23-9460-B92EAABE8A42}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{38DDB2F7-7562-4048-AB42-053FB409FC39}" = lport=445 | protocol=6 | dir=in | app=system | 
"{3D0B037E-A159-42F8-A9BD-EB3B7DC5DDF2}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{402BF573-088D-458A-A34A-1890F54BC64B}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{54724B11-D423-4BEB-95B0-020C063AD970}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{67BA9049-AB41-4C84-916E-AD641FECC082}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{68796D20-8BA3-42AB-922B-98F97C1EA762}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{728FA9FD-3348-4531-BA13-05C0F9090971}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{7C6073C3-1A52-47AB-B03E-C96FE616F7BB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{96541E23-434F-4BB7-8C0F-03BBC78D31C5}" = rport=138 | protocol=17 | dir=out | app=system | 
"{A5D0E42D-F501-4246-AD87-3DB5D91823E7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A9B8AFBD-8C94-4BE6-82A7-8B5A97728A4A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{AB1BD635-A0AC-4CDF-980A-653040286690}" = rport=445 | protocol=6 | dir=out | app=system | 
"{BDE9E253-22A6-4168-A7C0-1D559D932E9E}" = lport=137 | protocol=17 | dir=in | app=system | 
"{C7B14868-B220-46D0-8E60-B7780CA14FE2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C8A5BB41-4785-4472-9166-FF76490A7866}" = lport=138 | protocol=17 | dir=in | app=system | 
"{CD13D333-6DE3-4D9C-9BD3-78DD600EB1F4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{CD2F1C26-E156-41AA-96CF-8CB2318AB9B4}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{F2A1FECD-6C8F-4433-9238-01A04EC18447}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{F8EB1505-898C-4C63-84C1-89AE35F35053}" = rport=139 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01D36B7D-1BF4-4759-B65F-3836EEDBAA86}" = protocol=17 | dir=in | app=c:\users\thomas\appdata\roaming\dropbox\bin\dropbox.exe | 
"{02EFD8F1-E251-464C-AD36-563E868DF3A6}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | 
"{080C124D-5640-40F6-81EE-31618A9D31C4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{087473C5-A83D-45BA-B20A-174171A6CE9F}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\mass effect 3 demo\binaries\win32\masseffect3demo.exe | 
"{08A6B61A-698F-49AC-B3C7-06E82EB0E244}" = protocol=6 | dir=in | app=d:\spiele\valve\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe | 
"{08E4F32E-B9DB-443E-949A-F5CB5D175339}" = protocol=6 | dir=in | app=c:\program files (x86)\blizzard\diablo iii\diablo iii.exe | 
"{0989812E-73F5-4E5C-A3BE-6B69E24DA8DA}" = protocol=6 | dir=in | app=d:\spiele\electronic arts\alarmstufe rot 3\data\ra3_1.12.game | 
"{09B5BAEC-CCA3-4506-91B7-E9B0B28FA212}" = protocol=17 | dir=in | app=c:\program files (x86)\lacie\ethernet agent\lacie ethernet agent.exe | 
"{0FBBDC99-DE98-4FDF-BC88-AFE2E2F0B190}" = protocol=17 | dir=in | app=d:\spiele\ubisoft\assassin's creed revelations\acrmp.exe | 
"{1726497C-07AD-406A-8506-19B5D8ABE6D1}" = protocol=17 | dir=in | app=d:\spiele\ubisoft\assassin's creed revelations\assassinscreedrevelations.exe | 
"{1BC5EC96-78ED-497E-8EAC-05CD539434B5}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{2A4B879F-CDDB-44B8-BD1B-D6142BDBB405}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{2B3504E5-8F64-44ED-B7BF-8050D98D0DA1}" = protocol=17 | dir=in | app=d:\spiele\valve\steam\steamapps\common\microsoft flight\flight.exe | 
"{338E1150-CC69-4AFF-88B4-51DA5401267A}" = protocol=17 | dir=in | app=d:\spiele\electronic arts\alarmstufe rot 3\data\ra3_1.12.game | 
"{3851A715-FA3A-41CF-97D6-89D0D68A1F92}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.649\agent.exe | 
"{39D90F96-0BEE-4A67-BA4B-94FE987884F3}" = protocol=6 | dir=in | app=d:\spiele\valve\steam\steamapps\common\microsoft flight\flight.exe | 
"{3B602FC1-A393-4121-BE03-78CE3F63CCE9}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe | 
"{3B8D494E-E418-4437-9B0F-C10C3DB0E74C}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{424ED136-F22E-42D5-808C-8CB765E4531E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.649\agent.exe | 
"{43687748-4ADD-4179-9FF5-6461BC47483A}" = protocol=6 | dir=out | app=system | 
"{43FC1E28-F100-4948-B24F-5D9B8BCF9CDD}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{465EA3D1-CBAB-4A90-9B91-231BF9F156D5}" = protocol=6 | dir=in | app=c:\users\thomas\appdata\roaming\dropbox\bin\dropbox.exe | 
"{47DE87EF-58A5-4CE1-9913-A801D2DD71F2}" = protocol=6 | dir=in | app=d:\spiele\valve\steam\steam.exe | 
"{48D01060-DDE1-48C0-BBB6-C54FE75F2EF8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{4EB43713-31ED-4F38-984D-DE4E045A35FD}" = protocol=17 | dir=in | app=d:\spiele\ubisoft\assassin's creed revelations\acrsp.exe | 
"{4EFDADE4-4B78-4777-973E-B3CD04D2517E}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{4F850D70-00D2-426B-85B1-8923E84400DD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{50B3F43F-C40A-45DE-A578-DCF7A179398A}" = protocol=6 | dir=in | app=d:\spiele\ubisoft\assassin's creed revelations\assassinscreedrevelations.exe | 
"{50D7E9E0-DEBE-4066-97EF-687C15B886DD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{5353B4BD-3850-4F73-A584-E3A3CE6F7CDB}" = protocol=6 | dir=in | app=d:\spiele\rockstar games\grand theft auto iv\launchgtaiv.exe | 
"{569926A2-BBFF-4AF0-8AEF-6A3FF16C1074}" = protocol=17 | dir=in | app=d:\spiele\valve\steam\steamapps\common\dungeon defenders demo\binaries\win32\dungeondefenders.exe | 
"{6172DB2F-DC50-492F-8896-17EC2E18A3F3}" = protocol=17 | dir=in | app=c:\program files\lacie\network assistant\lacie network assistant.exe | 
"{64A45F73-7BE5-41D7-ABAC-DEA2D41469B9}" = protocol=6 | dir=in | app=c:\users\thomas\appdata\roaming\dropbox\bin\dropbox.exe | 
"{6C342C16-E217-4AA0-8D0C-FE2626051503}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{6C9C8E46-6429-422F-9AC2-A5E89477DF64}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{7499ED4F-8B17-4BE6-8C64-43103F4A8E44}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{74C749DD-3F1F-4EB2-B42F-0450C9E09AE1}" = protocol=17 | dir=in | app=d:\spiele\valve\steam\steamapps\tom.kettner@web.de\counter-strike source\hl2.exe | 
"{75A6E212-A3B6-4BDB-A246-4B0C67079B17}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{76063AAA-41E2-48A5-9378-D368FA8E7E0C}" = protocol=17 | dir=in | app=c:\users\thomas\appdata\roaming\dropbox\bin\dropbox.exe | 
"{7863E434-BBF3-43B0-A1B3-33D5A06BED04}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7876C0DE-FEFE-4A0B-AA36-B1A9F17E395B}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{7BC07AB6-893D-4FDA-8E8B-88367A1B4672}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7E2DC00D-8B5E-4AF4-A1BB-4CB30FF949FF}" = protocol=17 | dir=in | app=d:\spiele\valve\steam\steam.exe | 
"{7F38FFD8-E9A2-4C5A-8655-6365CE8F3918}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{81FA04F6-5340-4EA3-9408-9C26FA65B126}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{84A2DDEC-B8DD-4C33-93D7-633F66022DCB}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{85086AE1-8C81-41CC-988E-304BE4B16A2D}" = protocol=17 | dir=in | app=c:\program files (x86)\blizzard\diablo iii\diablo iii.exe | 
"{85C5D113-8D24-43F8-A028-CD334CC857F1}" = protocol=17 | dir=in | app=d:\spiele\rockstar games\grand theft auto iv\launchgtaiv.exe | 
"{89F5F954-43DF-4487-A6A5-51D7928B99AD}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8D7765E3-15EA-4EEA-BF29-12540AD283BF}" = protocol=6 | dir=in | app=d:\spiele\valve\steam\steamapps\common\dungeon defenders demo\binaries\win32\dungeondefenders.exe | 
"{90DB19F8-45BE-4D27-B995-EA157DE98CC6}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe | 
"{916B7F6C-5CAC-41F5-A5E3-A94175B27C4B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{9275BD58-A87B-4588-B5F6-EB05615FCA72}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{953365E1-C61B-4D5A-900E-BE4B17EC55EB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{961F241F-C32B-4160-8368-74006110D21A}" = protocol=6 | dir=in | app=d:\spiele\codemasters\dirt2\dirt2_game.exe | 
"{96E3C169-E3A2-4E54-8E65-B83B4459A5AE}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{98FB4666-46EE-4E64-9727-BC099E48423F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{9A326176-68AB-49BC-80D2-69E282747346}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9FF1B43A-87E2-4E8E-9750-E13D5158709F}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | 
"{A02A0B31-8CB1-4936-9445-34DFEF7DF2BC}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{A4C1477A-BF50-44F6-9C54-F35FF7FB91F4}" = protocol=17 | dir=in | app=d:\spiele\valve\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe | 
"{A6AD6970-C4EC-4EB5-B60B-66CD8C3CF2CC}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe | 
"{AB87CC6D-3F0E-44F7-A8B0-2616F285758E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B552337E-0CB9-4CFC-809C-7E158076462A}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{B5FBD0E6-2D53-4047-B42C-A58512D76ECD}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{B77619C1-6910-496B-9067-9D63F06F50E0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B8EA2489-7A0B-491B-9C0B-D0D570D42214}" = protocol=6 | dir=in | app=d:\spiele\ubisoft\assassin's creed revelations\acrmp.exe | 
"{C135EAB5-9C58-4CD4-A12E-EFCF9EAC1A35}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{C2DF523A-1193-45B7-9CD7-AB472145745E}" = protocol=6 | dir=in | app=d:\spiele\ubisoft\assassin's creed revelations\acrsp.exe | 
"{C4BCCF61-A452-4942-BFC5-440098AA76AD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{C91BCA0D-965A-46E3-AF53-8B1DB708B2B8}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{CB4DBA3E-066E-4220-B5EE-58913B7B5671}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{CE594667-3F8D-4A61-964A-EA0FDEFCBD09}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{D0CEDE4F-7DEC-47A2-A773-EE5B1F47E168}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{D2D0AC07-B0BC-4B05-AF11-9B20B33BEAF6}" = protocol=6 | dir=in | app=c:\program files\lacie\network assistant\lacie network assistant.exe | 
"{D55EB6EB-6766-4178-AA0A-A68C8A721E1A}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\mass effect 3 demo\binaries\win32\masseffect3demo.exe | 
"{DD4FD456-D53F-4370-80AC-7EE317E3A0FF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{E54FE20C-B3BA-4479-956F-34A894EE72A5}" = protocol=6 | dir=in | app=d:\spiele\rockstar games\grand theft auto iv\gtaiv.exe | 
"{EAF80BE1-FB67-4B1A-B786-B83E79DD0781}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{EB0743EE-A71E-4AF0-A37F-6A74C08CAD8F}" = protocol=17 | dir=in | app=d:\spiele\rockstar games\grand theft auto iv\gtaiv.exe | 
"{F5C263DD-265D-4C27-B649-034B40328401}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{F8B65FF6-7AC9-416E-BB57-74AA3F7AA1BE}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe | 
"{FADFBDCB-3AD4-4508-843B-F12157E1A641}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{FC44CEC5-9254-4A02-B321-BE189E7097A4}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{FCEF061B-45CB-4828-BEB7-3C8BDCE4E6FB}" = protocol=17 | dir=in | app=d:\spiele\codemasters\dirt2\dirt2_game.exe | 
"{FD48C85D-ECDA-4670-B052-5ECCAAF04AA6}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{FD6BEE5C-0CF4-410C-B1F6-DA0C113734E3}" = protocol=6 | dir=in | app=d:\spiele\valve\steam\steamapps\tom.kettner@web.de\counter-strike source\hl2.exe | 
"{FE0C5B36-7C68-42CD-9E2A-D718CA47575F}" = protocol=6 | dir=in | app=c:\program files (x86)\lacie\ethernet agent\lacie ethernet agent.exe | 
"TCP Query User{15BC0B7B-8D9A-4621-B6EC-AA56B9F6DA43}C:\program files\lacie\network assistant\lacie network assistant.exe" = protocol=6 | dir=in | app=c:\program files\lacie\network assistant\lacie network assistant.exe | 
"TCP Query User{2486ACAB-2407-451E-A406-396D3237FB5A}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"TCP Query User{29505BFC-9DC3-4211-9DD6-0D622812FA4D}D:\spiele\valve\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=6 | dir=in | app=d:\spiele\valve\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe | 
"TCP Query User{36FA4706-A95C-473B-811B-4C07C37B2DE0}D:\spiele\electronic arts\alarmstufe rot 3\data\ra3_1.12.game" = protocol=6 | dir=in | app=d:\spiele\electronic arts\alarmstufe rot 3\data\ra3_1.12.game | 
"TCP Query User{4BCF0609-AC6A-4079-ABDD-2E6E1E361563}D:\spiele\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=d:\spiele\rockstar games\grand theft auto iv\gtaiv.exe | 
"TCP Query User{553296F8-7BCE-4FD4-A536-37A444A8AAE4}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{6787D372-F589-4FBF-B04E-E4BC1C71CC38}C:\program files (x86)\lacie\ethernet agent\lacie ethernet agent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lacie\ethernet agent\lacie ethernet agent.exe | 
"TCP Query User{8FC09335-265B-4E53-8432-C8C95330CB32}C:\users\thomas\downloads\ipconfigurator.exe" = protocol=6 | dir=in | app=c:\users\thomas\downloads\ipconfigurator.exe | 
"TCP Query User{91583485-0808-4D75-A26B-0C813419B235}D:\spiele\valve\steam\steamapps\tom.kettner@web.de\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=d:\spiele\valve\steam\steamapps\tom.kettner@web.de\counter-strike source\hl2.exe | 
"TCP Query User{936AC66A-486B-42C9-9916-B9CCADE34DB5}D:\spiele\codemasters\dirt2\dirt2_game.exe" = protocol=6 | dir=in | app=d:\spiele\codemasters\dirt2\dirt2_game.exe | 
"TCP Query User{9F78EC71-DC80-483F-81D8-0CA79B34304B}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe | 
"TCP Query User{AFBA7E60-48A2-4632-869A-786B127FE92E}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"TCP Query User{B1D745AC-8ACE-467E-AD68-75CA2414B7AD}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"TCP Query User{B8052110-9B65-447D-AAEE-DC443AF6A495}D:\spiele\electronic arts\crytek\crysis 2\bin32\crysis2.exe" = protocol=6 | dir=in | app=d:\spiele\electronic arts\crytek\crysis 2\bin32\crysis2.exe | 
"TCP Query User{BECFC466-E9BD-41DD-A9BC-AD2D3B6F2A20}D:\spiele\valve\steam\steam.exe" = protocol=6 | dir=in | app=d:\spiele\valve\steam\steam.exe | 
"TCP Query User{E17A7581-E539-435B-9441-1E98858F2EBF}D:\spiele\valve\steam\steamapps\common\dungeon defenders demo\binaries\win32\dundefgame.exe" = protocol=6 | dir=in | app=d:\spiele\valve\steam\steamapps\common\dungeon defenders demo\binaries\win32\dundefgame.exe | 
"TCP Query User{F5F31851-A481-41B0-B371-8F80ACB65F60}C:\users\thomas\downloads\diablo-iii-8370-dede-installer-downloader.exe" = protocol=6 | dir=in | app=c:\users\thomas\downloads\diablo-iii-8370-dede-installer-downloader.exe | 
"UDP Query User{2AF66DB7-82FE-4016-B338-AF7A99C762AF}D:\spiele\valve\steam\steam.exe" = protocol=17 | dir=in | app=d:\spiele\valve\steam\steam.exe | 
"UDP Query User{2E1AB371-D624-4040-899E-123507CF9546}C:\program files (x86)\lacie\ethernet agent\lacie ethernet agent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lacie\ethernet agent\lacie ethernet agent.exe | 
"UDP Query User{301C4A0B-1E52-44B4-AA94-7B0DB7AB389D}D:\spiele\electronic arts\alarmstufe rot 3\data\ra3_1.12.game" = protocol=17 | dir=in | app=d:\spiele\electronic arts\alarmstufe rot 3\data\ra3_1.12.game | 
"UDP Query User{4381048E-70D6-44E5-A8B6-FE19F6F2BF51}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"UDP Query User{4F766595-A737-40A4-90DA-813682C3EEB8}C:\program files\lacie\network assistant\lacie network assistant.exe" = protocol=17 | dir=in | app=c:\program files\lacie\network assistant\lacie network assistant.exe | 
"UDP Query User{519ECB58-EC66-4D13-8221-4B059C52CF16}C:\users\thomas\downloads\diablo-iii-8370-dede-installer-downloader.exe" = protocol=17 | dir=in | app=c:\users\thomas\downloads\diablo-iii-8370-dede-installer-downloader.exe | 
"UDP Query User{560F259F-4DB4-43D0-A4A1-15316028F60E}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{811641F6-4B89-428B-8A8B-1C5E66E822D4}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe | 
"UDP Query User{92BAA70F-5C88-4292-B26F-3A10D66D06E7}C:\users\thomas\downloads\ipconfigurator.exe" = protocol=17 | dir=in | app=c:\users\thomas\downloads\ipconfigurator.exe | 
"UDP Query User{B2BC91E5-BC39-4C39-AC88-C067DC796D21}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"UDP Query User{C0ED859C-5156-449B-94A4-DB32E63BEDE5}D:\spiele\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=d:\spiele\rockstar games\grand theft auto iv\gtaiv.exe | 
"UDP Query User{C5F748E6-ADFF-4527-ADDA-2B38478317D2}D:\spiele\electronic arts\crytek\crysis 2\bin32\crysis2.exe" = protocol=17 | dir=in | app=d:\spiele\electronic arts\crytek\crysis 2\bin32\crysis2.exe | 
"UDP Query User{D713B357-6524-4E68-8D46-C72C4CDE18FD}D:\spiele\valve\steam\steamapps\tom.kettner@web.de\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=d:\spiele\valve\steam\steamapps\tom.kettner@web.de\counter-strike source\hl2.exe | 
"UDP Query User{DA1CCD1C-796E-47B9-A5B2-4F6EC06DBE28}D:\spiele\valve\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=17 | dir=in | app=d:\spiele\valve\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe | 
"UDP Query User{EC3E49E8-2F9F-4A32-88A4-29285CE2DF89}D:\spiele\valve\steam\steamapps\common\dungeon defenders demo\binaries\win32\dundefgame.exe" = protocol=17 | dir=in | app=d:\spiele\valve\steam\steamapps\common\dungeon defenders demo\binaries\win32\dundefgame.exe | 
"UDP Query User{F0F66008-FB57-4703-9AE7-01026EF7360E}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"UDP Query User{F733F87C-8667-4D4E-A2A2-F4946E69451E}D:\spiele\codemasters\dirt2\dirt2_game.exe" = protocol=17 | dir=in | app=d:\spiele\codemasters\dirt2\dirt2_game.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC2
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86417004FF}" = Java(TM) 7 Update 4 (64-bit)
"{3FD3FC64-DA16-318E-DFD5-57466FF5FEB5}" = ATI Catalyst Install Manager
"{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6CC95B76-D380-46B2-9022-9353938E48BA}" = Logitech GamePanel Software 3.03.133
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7CAFBA1E-D090-3F1F-662D-9828FD4D8E4D}" = ccc-utility64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{86E42509-8029-7678-F522-0636D80CD277}" = ATI AVIVO64 Codecs
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{9ED333F8-3E6C-4A38-BAFA-728454121CDA}" = PDF-XChange Viewer
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BA94B525-1469-4E00-AFE4-50ADEB8B3993}_is1" = LaCie Network Assistant 1.5.2.59
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"GPL Ghostscript 9.04" = GPL Ghostscript
"Logitech Gaming Software" = Logitech Gaming Software 8.20
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Microsoft Security Client" = Microsoft Security Essentials
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B7F7645-F948-98D7-18F7-1C69D7B6ACDB}" = CCC Help Portuguese
"{117B6BF6-82C3-420C-B284-9247C8568E53}" = Die Sims™ 3 Design-Garten-Accessoires
"{11D08055-939C-432b-98C3-E072478A0CD7}" = PSE10 STI Installer
"{11F5D779-7BD9-465A-BBC4-10701386BCB9}" = FW LiveUpdate
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{168BEE42-1F65-1AFF-CD77-3DB5A9F91B5E}" = CCC Help Danish
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19C64880-BBCA-11D4-9EEE-0004ACDDDB3B}" = CyberLink InstantBurn
"{1B7710D4-9D75-D5E5-4B6D-40F471E70398}" = HydraVision
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{2278744E-73C3-38C4-6991-3E1601785913}" = CCC Help Greek
"{22D3A614-482C-444A-932C-9DA1B8ECDFD2}" = Elements 10 Organizer
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{26A24AE4-039D-4CA4-87B4-2F83217000FF}" = Java(TM) 7
"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Alarmstufe Rot 3
"{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}" = CyberLink BD Advisor 2.0
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33A22B2D-55BA-4508-B767-BF2E9C21A73F}" = Assassin's Creed Revelations 1.03
"{3454886D-4AB3-BF96-D378-B7F6DCA0A281}" = CCC Help Finnish
"{364B2826-EEB6-A31B-F25B-5CBB78273414}" = CCC Help English
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{434D0820-3AA6-493A-80B9-301000028501}" = DiRT2
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = Die Sims™ 3 Late Night
"{45A3B1FC-11B6-4292-B1E3-4A0B8DDE5394}" = Xtra Controller Ex
"{45D397FE-86B1-4234-16AC-9E7DD89A3207}" = CCC Help Norwegian
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4898D29E-A858-DB50-C7D4-8554066A8DAA}" = CCC Help Thai
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C78E7B2-AE8C-492E-8A97-BA6A641C616B}" = Enterprise Architect 9.3  - 30 Day Trial Edition
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{50B93225-3F76-F555-27A2-A1EAEC83C527}" = Catalyst Control Center InstallProxy
"{52D1D62C-FEAB-4580-849E-1DB624BADBBD}" = DiRT2
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{57AC79C8-157E-403A-A8D0-DD74EF71BAE2}" = Catalyst Control Center - Branding
"{59AAB74E-9A5B-D39E-E65D-6CD48DA8055F}" = CCC Help Korean
"{5CED4E8D-4508-D84A-2945-285B13852E0B}" = CCC Help French
"{61B563AC-F31E-A727-CBEA-F9648B803948}" = CCC Help Italian
"{633E917B-F74E-56D6-B8CF-3A443C260615}" = CCC Help Japanese
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B8364EA-9B85-EF54-6DEC-FC3CE9C55123}" = CCC Help Spanish
"{6C51CF89-2452-B69F-94B3-6BF3FF3A03B1}" = CCC Help Hungarian
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = Die Sims™ 3 Luxus-Accessoires
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786EBD1C-CAC0-8900-D77B-5777C5F74395}" = CCC Help Swedish
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B11296A-F894-449C-8DF6-6AAAA7D4D118}" = Die Sims™ 3 Stadt-Accessoires
"{7E4BB999-4B59-1009-429B-963B6252E6DD}" = CCC Help Turkish
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{8334930A-9405-467B-9498-1EBC1878A09D}" = Catalyst Control Center
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CC928F6-93A2-D49D-E253-532C2FF053A1}" = Catalyst Control Center Profiles Desktop
"{8CFF08EF-CDF7-C328-AD6B-10BD2E1D1D73}" = CCC Help German
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PRJPRO_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PRJPRO_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PRJPRO_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PRJPRO_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PRJPRO_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_PRJPRO_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007
"{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{8446EB22-A746-46DC-B1BD-E0DFA1F3CDDA}" = Microsoft Office Project 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PRJPRO_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00B4-0407-0000-0000000FF1CE}" = Microsoft Office Project MUI (German) 2007
"{90120000-00B4-0407-0000-0000000FF1CE}_PRJPRO_{C8D442F2-CF33-486E-8079-A704A2E80A39}" = Microsoft Office Project 2007 Service Pack 3 (SP3)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PRJPROR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.VISIOR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PRJPROR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.VISIOR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PRJPROR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.VISIOR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PRJPROR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.VISIOR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.VISIOR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PRJPROR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.VISIOR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PRJPROR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.VISIOR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2010
"{90140000-0054-0407-0000-0000000FF1CE}_Office14.VISIOR_{1FEAC070-BB09-4055-9BD0-48CF52023F92}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PRJPROR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.VISIOR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = Die Sims™ 3 Traumkarrieren
"{91140000-0057-0000-0000-0000000FF1CE}" = Microsoft Office Visio 2010
"{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{01D8AE4B-A04D-47E5-81BF-E3F98B81B8C3}" = Microsoft Visio 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0080-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C5BBDA1-F311-476B-1863-C0A3073CAC86}" = CCC Help Polish
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}" = Adobe Community Help
"{A1683CA7-4850-4A21-982B-C6D853C79AF7}" = Mass Effect™ 3 Demo
"{A47A9101-6EB5-4314-BDA1-297880FBB908}" = Microsoft redistributable runtime DLLs VS2008 SP1(x86)
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AB77DFDE-9949-4AEF-B180-BE322C3E65D0}" = HTC Sync
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{ADD5DB49-72CF-11D8-9D75-000129760D75}" = CyberLink PowerBackup
"{AF9CA86D-83FA-C143-F9C8-EAB535B8B78C}" = Catalyst Control Center Localization All
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = Die Sims™ 3 Reiseabenteuer
"{BA94B525-1469-4E00-AFE4-50ADEB8B3993}_is1" = LaCie Ethernet Agent 1.0
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C12631C6-804D-4B32-B0DD-8A496462F106}" = Die Sims™ 3 Einfach tierisch
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{CA6F93FB-A2DE-6CE1-57FC-8139684C07E7}" = CCC Help Chinese Traditional
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CEC7A786-A9C8-4EF7-BB59-6518E3B3C878}" = Microsoft redistributable runtime DLLs VS2005 SP1(x86)
"{D1BA65A8-0F0E-4ACA-9B4D-2A080C561D35}" = ROCCAT Valo Keyboard Driver
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.3.22 Game
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam-Software
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D45EC259-4A19-4656-B588-C2C360DD18EA}" = Half-Life(R) 2
"{DC9856AC-2AB5-4551-AED2-9AF92D11A04E}" = Pandasoft Video Converter
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E30EE048-574F-5FD3-DA01-1126946E21C1}" = CCC Help Dutch
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}" = Die Sims™ 3 Lebensfreude
"{E6F043EB-FEF5-4C34-95AF-99B3EB68F7D9}" = Xtra Controller Ex
"{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}" = Die Sims™ 3 Gib Gas-Accessoires
"{EE549AF9-8FAA-4584-83B2-ECF1BC9DC1FF}" = Adobe Photoshop Elements 10
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F2F7E361-D336-1338-A453-AB03B4818927}" = CCC Help Czech
"{F4BF6E6A-5F71-B52B-D738-B0A5C3456FED}" = CCC Help Chinese Standard
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA8BFB25-BF48-4F8B-8859-B30810745190}" = LightScribe System Software
"{FDF1D75A-1F72-6C4F-1103-DC6BF5218AE6}" = CCC Help Russian
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 10" = Adobe Photoshop Elements 10
"Battlelog Web Plugins" = Battlelog Web Plugins
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"DAEMON Tools Lite" = DAEMON Tools Lite
"Diablo III" = Diablo III
"Direct MP3 Joiner_is1" = Direct MP3 Joiner version 3.0.2.9
"ESN Sonar-0.70.4" = ESN Sonar
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.0
"FreePDF_XP" = FreePDF (Remove only)
"Hardcopy(C__Program Files (x86)_Hardcopy)" = Hardcopy (C:\Program Files (x86)\Hardcopy)
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.SingleImage" = Microsoft Office Professional 2010
"Office14.VISIOR" = Microsoft Visio Professional 2010
"OpenAL" = OpenAL
"Origin" = Origin
"PRJPRO" = Microsoft Office Project Professional 2007
"PunkBusterSvc" = PunkBuster Services
"SAPBI" = SAP Business Explorer
"SAPGUI710" = SAP GUI for Windows 7.20
"Steam App 201680" = Dungeon Defenders Demo
"Steam App 203850" = Microsoft Flight
"Steam App 300" = Day of Defeat: Source
"Steam App 65800" = Dungeon Defenders
"Streamripper" = Streamripper (Remove only)
"TomTom HOME" = TomTom HOME 2.8.3.2458
"VLC media player" = VLC media player 1.1.11
"Winamp" = Winamp
"Windows 7 - Codec Pack" = Windows 7 Codec Pack 3.4.0
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 04.07.2012 04:39:48 | Computer Name = Thomas-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1997
 
Error - 04.07.2012 11:06:24 | Computer Name = Thomas-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 04.07.2012 11:06:24 | Computer Name = Thomas-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 999
 
Error - 04.07.2012 11:06:24 | Computer Name = Thomas-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 999
 
Error - 04.07.2012 11:06:25 | Computer Name = Thomas-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 04.07.2012 11:06:25 | Computer Name = Thomas-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1997
 
Error - 04.07.2012 11:06:25 | Computer Name = Thomas-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1997
 
Error - 04.07.2012 11:06:26 | Computer Name = Thomas-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 04.07.2012 11:06:26 | Computer Name = Thomas-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2996
 
Error - 04.07.2012 11:06:26 | Computer Name = Thomas-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2996
 
[ System Events ]
Error - 03.07.2012 13:12:35 | Computer Name = Thomas-PC | Source = WMPNetworkSvc | ID = 866333
Description = 
 
Error - 03.07.2012 14:57:31 | Computer Name = Thomas-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 04.07.2012 08:37:35 | Computer Name = Thomas-PC | Source = WMPNetworkSvc | ID = 866333
Description = 
 
Error - 04.07.2012 11:08:00 | Computer Name = Thomas-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?04.?07.?2012 um 17:06:19 unerwartet heruntergefahren.
 
Error - 04.07.2012 11:08:16 | Computer Name = Thomas-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 04.07.2012 11:09:31 | Computer Name = Thomas-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 04.07.2012 11:11:42 | Computer Name = Thomas-PC | Source = Microsoft Antimalware | ID = 2004
Description = Beim Laden der Signaturen wurde von %%860 ein Fehler festgestellt.
 Es wird versucht, einen als gültig bekannten Signatursatz wiederherzustellen.     Versuchte
 Signaturen: %%824     Fehlercode: 0x80070002     Fehlerbeschreibung: Das System kann die 
angegebene Datei nicht finden.      Signaturversion: 1.129.759.0;1.129.759.0     Modulversion:
 1.1.8502.0
 
Error - 04.07.2012 11:45:17 | Computer Name = Thomas-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 04.07.2012 11:51:15 | Computer Name = Thomas-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 04.07.2012 12:24:12 | Computer Name = Thomas-PC | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >
         
--- --- ---


Weitere Schritte?

!!!
__________________

Alt 06.07.2012, 10:42   #4
TomK
 
GVU-Trojaner mit Webcam - Standard

GVU-Trojaner mit Webcam



.................. push

Alt 06.07.2012, 17:27   #5
markusg
/// Malware-holic
 
GVU-Trojaner mit Webcam - Standard

GVU-Trojaner mit Webcam



das pushen kannst du dir schenken, dadurch werden es hier auch nicht weniger hilfesuchene und mehr helfer und du kommst trotzdem nkicht schneller drann.
wer sofortige hilfe will, muss in ein pc gescheft gehen und dafür zahlen.
Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.
Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 06.07.2012, 18:07   #6
TomK
 
GVU-Trojaner mit Webcam - Standard

GVU-Trojaner mit Webcam



Zunächst einmal danke für die Antwort.
Mit dem Push wollte ich lediglich ein "in-Vergessen"-geraten verhindern, da ich die erste Antwort realtiv schnell erhalten habe..

Anbei das Log von ComboFix:

[Code]
Combofix Logfile:
Code:
ATTFilter
ComboFix 12-07-06.01 - Thomas 06.07.2012  18:57:11.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.8175.6828 [GMT 2:00]
ausgeführt von:: c:\users\Thomas\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\tmpAAA0.tmp
c:\windows\SysWow64\tmpAAA1.tmp
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-06-06 bis 2012-07-06  ))))))))))))))))))))))))))))))
.
.
2012-07-06 09:41 . 2010-02-23 08:16	294912	----a-w-	c:\windows\system32\browserchoice.exe
2012-07-06 07:23 . 2012-05-31 04:04	9013136	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{54A68D53-11D5-471D-B3E0-22E5EC43830C}\mpengine.dll
2012-07-04 15:20 . 2012-07-04 15:20	--------	d-----w-	c:\users\Thomas\AppData\Roaming\Malwarebytes
2012-07-04 15:20 . 2012-07-04 15:20	--------	d-----w-	c:\programdata\Malwarebytes
2012-07-04 15:20 . 2012-07-04 15:20	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-04 15:20 . 2012-04-04 13:56	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-07-04 15:15 . 2012-02-10 23:44	927800	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1661CF2B-20EB-4650-9083-5F6C25EE4A97}\gapaengine.dll
2012-07-04 15:15 . 2012-05-31 04:04	9013136	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-04 15:05 . 2012-07-04 16:11	--------	d-----w-	c:\programdata\B7E858A700048FE400244E3CB4EB2331
2012-07-04 15:05 . 2012-07-04 15:06	--------	d-----w-	c:\users\Thomas\AppData\Roaming\Doofwa
2012-07-04 15:05 . 2012-07-04 15:05	--------	d-----w-	c:\users\Thomas\AppData\Roaming\Iczyb
2012-06-23 10:27 . 2012-06-23 10:27	--------	d-----w-	c:\users\Melanie\AppData\Local\Macromedia
2012-06-23 10:27 . 2012-07-06 04:50	--------	d-----w-	c:\users\Melanie\AppData\Local\Htc
2012-06-23 10:27 . 2012-06-23 10:27	--------	d-----w-	c:\users\Melanie\AppData\Roaming\HTC
2012-06-22 16:36 . 2012-06-02 22:19	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-22 16:36 . 2012-06-02 22:19	57880	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-22 16:36 . 2012-06-02 22:19	44056	----a-w-	c:\windows\system32\wups2.dll
2012-06-22 16:36 . 2012-06-02 22:15	2622464	----a-w-	c:\windows\system32\wucltux.dll
2012-06-22 16:36 . 2012-06-02 22:19	38424	----a-w-	c:\windows\system32\wups.dll
2012-06-22 16:36 . 2012-06-02 22:19	701976	----a-w-	c:\windows\system32\wuapi.dll
2012-06-22 16:36 . 2012-06-02 22:15	99840	----a-w-	c:\windows\system32\wudriver.dll
2012-06-22 16:36 . 2012-06-02 13:19	186752	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-22 16:36 . 2012-06-02 13:15	36864	----a-w-	c:\windows\system32\wuapp.exe
2012-06-19 11:20 . 2012-07-06 07:15	--------	d-----w-	c:\users\Thomas\AppData\Local\Htc
2012-06-19 11:20 . 2012-06-19 11:20	--------	d-----w-	c:\users\Thomas\AppData\Roaming\HTC
2012-06-19 11:20 . 2012-06-19 11:20	--------	d-----w-	c:\program files (x86)\Spirent Communications
2012-06-19 11:20 . 2012-06-19 11:20	--------	d-----w-	c:\program files (x86)\HTC
2012-06-17 08:39 . 2012-06-17 08:39	--------	d-----w-	c:\program files\iPod
2012-06-17 08:39 . 2012-06-17 08:39	--------	d-----w-	c:\program files\iTunes
2012-06-17 08:39 . 2012-06-17 08:39	--------	d-----w-	c:\program files (x86)\iTunes
2012-06-15 06:20 . 2012-06-15 06:20	--------	d-----w-	c:\users\Thomas\AppData\Local\Macromedia
2012-06-13 11:04 . 2012-04-26 05:41	77312	----a-w-	c:\windows\system32\rdpwsx.dll
2012-06-13 11:04 . 2012-04-26 05:41	149504	----a-w-	c:\windows\system32\rdpcorekmts.dll
2012-06-13 11:04 . 2012-04-26 05:34	9216	----a-w-	c:\windows\system32\rdrmemptylst.exe
2012-06-13 11:04 . 2012-05-01 05:40	209920	----a-w-	c:\windows\system32\profsvc.dll
2012-06-12 13:33 . 2012-06-12 13:33	955848	----a-w-	c:\windows\system32\npDeployJava1.dll
2012-06-12 13:33 . 2012-06-12 13:33	839112	----a-w-	c:\windows\system32\deployJava1.dll
2012-06-12 13:33 . 2012-06-12 13:33	--------	d-----w-	c:\program files\Java
2012-06-12 13:29 . 2012-06-12 13:31	--------	d-----w-	C:\glassfish3
2012-06-12 13:25 . 2012-06-18 19:28	--------	d-----w-	c:\program files (x86)\eclipse
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-30 15:29 . 2012-04-02 07:50	426184	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-30 15:29 . 2011-10-14 19:39	70344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-14 18:53 . 2011-10-27 10:31	280904	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2012-05-14 18:53 . 2011-10-26 15:02	280904	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2012-05-12 14:47 . 2011-10-26 15:02	283304	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2012-04-30 20:48 . 2011-10-26 15:02	76888	----a-w-	c:\windows\SysWow64\PnkBstrA.exe
2012-04-20 10:34 . 2012-04-20 10:34	8192	----a-r-	c:\users\Thomas\AppData\Roaming\Microsoft\Installer\{4C78E7B2-AE8C-492E-8A97-BA6A641C616B}\Icon3DF154B95.exe
2012-04-20 10:34 . 2012-04-20 10:34	55296	----a-r-	c:\users\Thomas\AppData\Roaming\Microsoft\Installer\{4C78E7B2-AE8C-492E-8A97-BA6A641C616B}\IconCC98E8B3.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-06-05 17344176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-05 283160]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-24 336384]
"FreePDF Assistant"="c:\program files (x86)\FreePDF_XP\fpassist.exe" [2011-02-23 371200]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2012-04-17 651264]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Thomas\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
Microsoft Outlook 2010.lnk - c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\outicon.exe [2011-10-14 303456]
OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Hardcopy.LNK - c:\program files (x86)\Hardcopy\hardcopy.exe [2012-5-20 3537920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-09-01 169624]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 13336]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R3 ALSysIO;ALSysIO;c:\users\Thomas\AppData\Local\Temp\ALSysIO64.sys [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-02 33736]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-24 16008]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-17 113120]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 ValFltr;ROCCAT Valo Keyboard;c:\windows\system32\drivers\ValoFltr.sys [2009-04-10 14720]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S1 CLBStor;InstantBurn Storage Helper Driver;c:\windows\system32\DRIVERS\CLBStor.sys [2009-10-07 24560]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2011/10/17 14:17];c:\program files (x86)\CyberLink\PowerDVD9\000.fcl [2010-01-19 14:10 146928]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-05-24 204288]
S2 CLBUDF;CyberLink InstantBurn UDF Filesystem; [x]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-03-23 87040]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-05-30 3048136]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-12-05 92592]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S2 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\Thomas\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries25.gadget\WinRing0x64.sys [2011-10-15 14544]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-05-24 9359872]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-05-24 309760]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-03-30 114704]
S3 dc3d;Microsoft-Hardware – Geräteerkennungstreiber;c:\windows\system32\DRIVERS\dc3d.sys [2011-08-01 52584]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-02-08 39936]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-02-08 64512]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-07-14 22408]
S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys [2011-10-24 66328]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
S3 LVUVC64;Logitech HD Webcam C310(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 netr28ux;RT2870-USB-Drahtlos-LAN-Kartentreiber für Vista;c:\windows\system32\DRIVERS\netr28ux.sys [2009-06-10 867328]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-01-22 09:06	451872	----a-w-	c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-28 11101800]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-12-07 5889816]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2009-08-13 415752]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2009-08-13 4195848]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.254 192.168.0.1
TCP: Interfaces\{13B5FBCC-D6F6-4C0E-B291-C89DF70748B7}: NameServer = 192.168.111.1
FF - ProfilePath - c:\users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\evgnoy8d.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: network.proxy.type - 0
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD9\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3171237338-2043165809-2479679844-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F593F8FF-B05C-BC5E-3CD3-B3AD82C32923}*]
@Allowed: (Read) (RestrictedCode)
"oahfgedffejoinekceaapihflhenln"=hex:64,61,6b,64,6a,68,69,6c,00,fc
"oadelgipdohjcfllfbhchlbdbohpef"=hex:69,61,62,64,6f,6f,64,68,63,6a,69,6d,63,68,
   65,6e,6d,67,00,00
"nandjbbhhdogfhnjkcnhpionbggk"=hex:6a,61,6b,64,6d,68,6b,64,70,6a,64,66,6b,64,
   70,69,6f,68,61,68,00,ff
.
[HKEY_USERS\S-1-5-21-3171237338-2043165809-2479679844-1000\Software\SecuROM\License information*]
"datasecu"=hex:a8,fd,a0,65,e8,73,f8,8b,99,2b,bf,d2,04,43,2e,d3,b8,d4,8b,c9,59,
   7d,d6,e3,71,af,56,80,1c,90,84,d3,b9,0b,53,ee,aa,05,d1,02,e3,f4,18,f2,ed,62,\
"rkeysecu"=hex:07,0a,af,60,5b,75,7c,15,2d,72,68,e1,56,86,bb,7f
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.9"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil9f.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil9f.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Hardcopy\hcdll2_ex_Win32.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-07-06  19:02:30 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-07-06 17:02
.
Vor Suchlauf: 9 Verzeichnis(se), 25.994.108.928 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 26.624.720.896 Bytes frei
.
- - End Of File - - C0299CDEAD9FA7C9D165C423B0463F57
         
--- --- ---


Vielen Dank!

Alt 09.07.2012, 19:36   #7
markusg
/// Malware-holic
 
GVU-Trojaner mit Webcam - Standard

GVU-Trojaner mit Webcam



poste bitte alle bisher erstellten Malwarebytes logs, mit funden.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 09.07.2012, 19:40   #8
TomK
 
GVU-Trojaner mit Webcam - Standard

GVU-Trojaner mit Webcam



Danke für die Antwort,

ich hatte nur einen Fund, das war zu Beginn. Den habe ich dann auch gelöscht. Wie kann ich die Funde sehen?

anbei die erste Logdatei:

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.07.04.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Thomas :: THOMAS-PC [Administrator]

Schutz: Aktiviert

04.07.2012 17:22:01
mbam-log-2012-07-04 (17-22-01).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 490953
Laufzeit: 22 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Thomas\AppData\Local\Temp\~!#F83E.tmp (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Vielen Dank!

Alt 09.07.2012, 19:42   #9
markusg
/// Malware-holic
 
GVU-Trojaner mit Webcam - Standard

GVU-Trojaner mit Webcam



download tdss killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Klicke auf Change parameters
• Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system
• Klick auf OK und anschließend auf Start scan
- bei funden erst mal immer skip wählen, log posten
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 09.07.2012, 19:47   #10
TomK
 
GVU-Trojaner mit Webcam - Standard

GVU-Trojaner mit Webcam



Hallo,

anbei der Log:

Code:
ATTFilter
20:45:55.0521 5456	TDSS rootkit removing tool 2.7.45.0 Jul  9 2012 12:46:35
20:45:55.0586 5456	============================================================
20:45:55.0586 5456	Current date / time: 2012/07/09 20:45:55.0586
20:45:55.0586 5456	SystemInfo:
20:45:55.0586 5456	
20:45:55.0586 5456	OS Version: 6.1.7601 ServicePack: 1.0
20:45:55.0586 5456	Product type: Workstation
20:45:55.0586 5456	ComputerName: THOMAS-PC
20:45:55.0587 5456	UserName: Thomas
20:45:55.0587 5456	Windows directory: C:\Windows
20:45:55.0587 5456	System windows directory: C:\Windows
20:45:55.0587 5456	Running under WOW64
20:45:55.0587 5456	Processor architecture: Intel x64
20:45:55.0587 5456	Number of processors: 4
20:45:55.0587 5456	Page size: 0x1000
20:45:55.0587 5456	Boot type: Normal boot
20:45:55.0587 5456	============================================================
20:46:01.0215 5456	Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:46:01.0215 5456	Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:46:01.0215 5456	Drive \Device\Harddisk2\DR2 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:46:01.0325 5456	============================================================
20:46:01.0325 5456	\Device\Harddisk0\DR0:
20:46:01.0326 5456	MBR partitions:
20:46:01.0326 5456	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
20:46:01.0326 5456	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xDF61800
20:46:01.0326 5456	\Device\Harddisk1\DR1:
20:46:01.0326 5456	MBR partitions:
20:46:01.0326 5456	\Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1D1C4800
20:46:01.0326 5456	\Device\Harddisk2\DR2:
20:46:01.0327 5456	MBR partitions:
20:46:01.0327 5456	\Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1D1C4800
20:46:01.0327 5456	============================================================
20:46:01.0328 5456	C: <-> \Device\Harddisk0\DR0\Partition1
20:46:01.0346 5456	D: <-> \Device\Harddisk1\DR1\Partition0
20:46:01.0371 5456	E: <-> \Device\Harddisk2\DR2\Partition0
20:46:01.0371 5456	============================================================
20:46:01.0371 5456	Initialize success
20:46:01.0371 5456	============================================================
20:46:30.0510 6672	============================================================
20:46:30.0510 6672	Scan started
20:46:30.0510 6672	Mode: Manual; SigCheck; TDLFS; 
20:46:30.0510 6672	============================================================
20:46:30.0610 6672	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
20:46:30.0643 6672	1394ohci - ok
20:46:30.0654 6672	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
20:46:30.0665 6672	ACPI - ok
20:46:30.0667 6672	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
20:46:30.0687 6672	AcpiPmi - ok
20:46:30.0697 6672	AdobeActiveFileMonitor10.0 (c245e08ec469a52a622efdc9787a0dcc) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
20:46:30.0705 6672	AdobeActiveFileMonitor10.0 - ok
20:46:30.0711 6672	AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
20:46:30.0716 6672	AdobeARMservice - ok
20:46:30.0729 6672	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
20:46:30.0741 6672	adp94xx - ok
20:46:30.0752 6672	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
20:46:30.0763 6672	adpahci - ok
20:46:30.0770 6672	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
20:46:30.0778 6672	adpu320 - ok
20:46:30.0783 6672	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
20:46:30.0835 6672	AeLookupSvc - ok
20:46:30.0849 6672	AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
20:46:30.0861 6672	AFD - ok
20:46:30.0865 6672	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
20:46:30.0871 6672	agp440 - ok
20:46:30.0876 6672	ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
20:46:30.0886 6672	ALG - ok
20:46:30.0889 6672	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
20:46:30.0895 6672	aliide - ok
20:46:30.0900 6672	ALSysIO - ok
20:46:30.0909 6672	AMD External Events Utility (514089cb4a7df38dc4dd936ade4114d3) C:\Windows\system32\atiesrxx.exe
20:46:30.0924 6672	AMD External Events Utility - ok
20:46:30.0927 6672	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
20:46:30.0933 6672	amdide - ok
20:46:30.0936 6672	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
20:46:30.0945 6672	AmdK8 - ok
20:46:31.0191 6672	amdkmdag        (9a4b92150a5e259a7159d914cc3a60d7) C:\Windows\system32\DRIVERS\atikmdag.sys
20:46:31.0297 6672	amdkmdag - ok
20:46:31.0331 6672	amdkmdap        (9deb889d152f9c9dba98be8986084535) C:\Windows\system32\DRIVERS\atikmpag.sys
20:46:31.0341 6672	amdkmdap - ok
20:46:31.0345 6672	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
20:46:31.0353 6672	AmdPPM - ok
20:46:31.0358 6672	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
20:46:31.0366 6672	amdsata - ok
20:46:31.0373 6672	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
20:46:31.0381 6672	amdsbs - ok
20:46:31.0384 6672	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
20:46:31.0390 6672	amdxata - ok
20:46:31.0394 6672	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
20:46:31.0453 6672	AppID - ok
20:46:31.0457 6672	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
20:46:31.0478 6672	AppIDSvc - ok
20:46:31.0483 6672	Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
20:46:31.0503 6672	Appinfo - ok
20:46:31.0511 6672	Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:46:31.0517 6672	Apple Mobile Device - ok
20:46:31.0524 6672	AppMgmt         (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
20:46:31.0533 6672	AppMgmt - ok
20:46:31.0537 6672	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
20:46:31.0544 6672	arc - ok
20:46:31.0549 6672	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
20:46:31.0557 6672	arcsas - ok
20:46:31.0568 6672	aspnet_state    (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
20:46:31.0574 6672	aspnet_state - ok
20:46:31.0577 6672	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
20:46:31.0599 6672	AsyncMac - ok
20:46:31.0602 6672	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
20:46:31.0608 6672	atapi - ok
20:46:31.0613 6672	AtiHDAudioService (cbd14f698def12ee3557604b726cb8eb) C:\Windows\system32\drivers\AtihdW76.sys
20:46:31.0622 6672	AtiHDAudioService - ok
20:46:31.0643 6672	AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
20:46:31.0669 6672	AudioEndpointBuilder - ok
20:46:31.0674 6672	AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
20:46:31.0698 6672	AudioSrv - ok
20:46:31.0704 6672	AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
20:46:31.0724 6672	AxInstSV - ok
20:46:31.0739 6672	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
20:46:31.0751 6672	b06bdrv - ok
20:46:31.0762 6672	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
20:46:31.0772 6672	b57nd60a - ok
20:46:31.0778 6672	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
20:46:31.0786 6672	BDESVC - ok
20:46:31.0788 6672	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
20:46:31.0809 6672	Beep - ok
20:46:31.0831 6672	BFE             (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
20:46:31.0859 6672	BFE - ok
20:46:31.0883 6672	BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
20:46:31.0913 6672	BITS - ok
20:46:31.0920 6672	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
20:46:31.0927 6672	blbdrive - ok
20:46:31.0942 6672	Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
20:46:31.0951 6672	Bonjour Service - ok
20:46:31.0957 6672	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
20:46:31.0965 6672	bowser - ok
20:46:31.0968 6672	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:46:31.0983 6672	BrFiltLo - ok
20:46:31.0986 6672	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:46:31.0995 6672	BrFiltUp - ok
20:46:31.0999 6672	BridgeMP        (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
20:46:32.0022 6672	BridgeMP - ok
20:46:32.0029 6672	Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
20:46:32.0051 6672	Browser - ok
20:46:32.0060 6672	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
20:46:32.0073 6672	Brserid - ok
20:46:32.0076 6672	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
20:46:32.0084 6672	BrSerWdm - ok
20:46:32.0087 6672	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
20:46:32.0095 6672	BrUsbMdm - ok
20:46:32.0097 6672	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
20:46:32.0104 6672	BrUsbSer - ok
20:46:32.0108 6672	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
20:46:32.0117 6672	BTHMODEM - ok
20:46:32.0122 6672	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
20:46:32.0143 6672	bthserv - ok
20:46:32.0145 6672	catchme - ok
20:46:32.0150 6672	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
20:46:32.0172 6672	cdfs - ok
20:46:32.0178 6672	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
20:46:32.0186 6672	cdrom - ok
20:46:32.0191 6672	CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
20:46:32.0214 6672	CertPropSvc - ok
20:46:32.0218 6672	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
20:46:32.0227 6672	circlass - ok
20:46:32.0231 6672	CLBStor         (125327df629324fad78d9a95ccd0f425) C:\Windows\system32\DRIVERS\CLBStor.sys
20:46:32.0236 6672	CLBStor - ok
20:46:32.0245 6672	CLBUDF          (9c0cd75fea24e7e0e835eee7f14406f7) C:\Windows\system32\drivers\CLBUDF.sys
20:46:32.0253 6672	CLBUDF - ok
20:46:32.0264 6672	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
20:46:32.0274 6672	CLFS - ok
20:46:32.0281 6672	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:46:32.0287 6672	clr_optimization_v2.0.50727_32 - ok
20:46:32.0293 6672	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:46:32.0299 6672	clr_optimization_v2.0.50727_64 - ok
20:46:32.0308 6672	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:46:32.0314 6672	clr_optimization_v4.0.30319_32 - ok
20:46:32.0324 6672	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:46:32.0330 6672	clr_optimization_v4.0.30319_64 - ok
20:46:32.0336 6672	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
20:46:32.0342 6672	CmBatt - ok
20:46:32.0345 6672	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
20:46:32.0351 6672	cmdide - ok
20:46:32.0363 6672	CNG             (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
20:46:32.0378 6672	CNG - ok
20:46:32.0380 6672	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
20:46:32.0386 6672	Compbatt - ok
20:46:32.0389 6672	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
20:46:32.0398 6672	CompositeBus - ok
20:46:32.0400 6672	COMSysApp - ok
20:46:32.0403 6672	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
20:46:32.0409 6672	crcdisk - ok
20:46:32.0416 6672	CryptSvc        (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
20:46:32.0425 6672	CryptSvc - ok
20:46:32.0440 6672	CSC             (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
20:46:32.0453 6672	CSC - ok
20:46:32.0472 6672	CscService      (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
20:46:32.0485 6672	CscService - ok
20:46:32.0488 6672	CVirtA          (44bddeb03c84a1c993c992ffb5700357) C:\Windows\system32\DRIVERS\CVirtA64.sys
20:46:32.0493 6672	CVirtA - ok
20:46:32.0530 6672	CVPND           (66257cb4e4fb69887cddc71663741435) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
20:46:32.0631 6672	CVPND - ok
20:46:32.0662 6672	CVPNDRVA        (cc8e52daa9826064ba464dbe531f2bb5) C:\Windows\system32\Drivers\CVPNDRVA.sys
20:46:32.0680 6672	CVPNDRVA - ok
20:46:32.0684 6672	dc3d            (a5d3d53178394cc7a8a26bb532575b59) C:\Windows\system32\DRIVERS\dc3d.sys
20:46:32.0689 6672	dc3d - ok
20:46:32.0706 6672	DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
20:46:32.0732 6672	DcomLaunch - ok
20:46:32.0742 6672	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
20:46:32.0767 6672	defragsvc - ok
20:46:32.0772 6672	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
20:46:32.0794 6672	DfsC - ok
20:46:32.0805 6672	Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
20:46:32.0829 6672	Dhcp - ok
20:46:32.0833 6672	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
20:46:32.0854 6672	discache - ok
20:46:32.0858 6672	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
20:46:32.0864 6672	Disk - ok
20:46:32.0870 6672	DNE             (05cb5910b3ca6019fc3cca815ee06ffb) C:\Windows\system32\DRIVERS\dne64x.sys
20:46:32.0875 6672	DNE - ok
20:46:32.0883 6672	Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
20:46:32.0892 6672	Dnscache - ok
20:46:32.0901 6672	dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
20:46:32.0925 6672	dot3svc - ok
20:46:32.0931 6672	DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
20:46:32.0953 6672	DPS - ok
20:46:32.0956 6672	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
20:46:32.0964 6672	drmkaud - ok
20:46:32.0991 6672	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
20:46:33.0006 6672	DXGKrnl - ok
20:46:33.0011 6672	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
20:46:33.0033 6672	EapHost - ok
20:46:33.0100 6672	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
20:46:33.0134 6672	ebdrv - ok
20:46:33.0157 6672	EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
20:46:33.0165 6672	EFS - ok
20:46:33.0182 6672	ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
20:46:33.0199 6672	ehRecvr - ok
20:46:33.0204 6672	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
20:46:33.0214 6672	ehSched - ok
20:46:33.0232 6672	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
20:46:33.0245 6672	elxstor - ok
20:46:33.0247 6672	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
20:46:33.0255 6672	ErrDev - ok
20:46:33.0259 6672	EtronHub3       (df2f6c1e55f6e81cfc7f688380d85816) C:\Windows\system32\Drivers\EtronHub3.sys
20:46:33.0265 6672	EtronHub3 - ok
20:46:33.0268 6672	EtronXHCI       (e093abfb67a4b9d94f80611a7d0a8bb9) C:\Windows\system32\Drivers\EtronXHCI.sys
20:46:33.0274 6672	EtronXHCI - ok
20:46:33.0289 6672	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
20:46:33.0315 6672	EventSystem - ok
20:46:33.0322 6672	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
20:46:33.0345 6672	exfat - ok
20:46:33.0351 6672	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
20:46:33.0375 6672	fastfat - ok
20:46:33.0395 6672	Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
20:46:33.0410 6672	Fax - ok
20:46:33.0413 6672	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
20:46:33.0420 6672	fdc - ok
20:46:33.0423 6672	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
20:46:33.0445 6672	fdPHost - ok
20:46:33.0448 6672	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
20:46:33.0470 6672	FDResPub - ok
20:46:33.0474 6672	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
20:46:33.0481 6672	FileInfo - ok
20:46:33.0483 6672	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
20:46:33.0505 6672	Filetrace - ok
20:46:33.0508 6672	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
20:46:33.0515 6672	flpydisk - ok
20:46:33.0524 6672	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
20:46:33.0533 6672	FltMgr - ok
20:46:33.0564 6672	FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
20:46:33.0583 6672	FontCache - ok
20:46:33.0587 6672	FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:46:33.0592 6672	FontCache3.0.0.0 - ok
20:46:33.0598 6672	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
20:46:33.0605 6672	FsDepends - ok
20:46:33.0607 6672	Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
20:46:33.0613 6672	Fs_Rec - ok
20:46:33.0622 6672	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
20:46:33.0632 6672	fvevol - ok
20:46:33.0636 6672	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
20:46:33.0643 6672	gagp30kx - ok
20:46:33.0647 6672	GEARAspiWDM     (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:46:33.0651 6672	GEARAspiWDM - ok
20:46:33.0674 6672	gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
20:46:33.0704 6672	gpsvc - ok
20:46:33.0707 6672	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
20:46:33.0714 6672	hcw85cir - ok
20:46:33.0726 6672	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
20:46:33.0739 6672	HdAudAddService - ok
20:46:33.0745 6672	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
20:46:33.0755 6672	HDAudBus - ok
20:46:33.0758 6672	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
20:46:33.0765 6672	HidBatt - ok
20:46:33.0769 6672	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
20:46:33.0779 6672	HidBth - ok
20:46:33.0783 6672	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
20:46:33.0792 6672	HidIr - ok
20:46:33.0795 6672	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
20:46:33.0817 6672	hidserv - ok
20:46:33.0820 6672	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
20:46:33.0826 6672	HidUsb - ok
20:46:33.0831 6672	hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
20:46:33.0854 6672	hkmsvc - ok
20:46:33.0863 6672	HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
20:46:33.0872 6672	HomeGroupListener - ok
20:46:33.0881 6672	HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
20:46:33.0890 6672	HomeGroupProvider - ok
20:46:33.0894 6672	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
20:46:33.0900 6672	HpSAMD - ok
20:46:33.0904 6672	HTCAND64        (f47cec45fb85791d4ab237563ad0fa8f) C:\Windows\system32\Drivers\ANDROIDUSB.sys
20:46:33.0911 6672	HTCAND64 - ok
20:46:33.0915 6672	htcnprot        (b8b1b284362e1d8135112573395d5da5) C:\Windows\system32\DRIVERS\htcnprot.sys
20:46:33.0921 6672	htcnprot - ok
20:46:33.0941 6672	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
20:46:33.0969 6672	HTTP - ok
20:46:33.0971 6672	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
20:46:33.0977 6672	hwpolicy - ok
20:46:33.0983 6672	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
20:46:33.0991 6672	i8042prt - ok
20:46:34.0003 6672	iaStor          (d7921d5a870b11cc1adab198a519d50a) C:\Windows\system32\DRIVERS\iaStor.sys
20:46:34.0012 6672	iaStor - ok
20:46:34.0018 6672	IAStorDataMgrSvc (8fff9083252c16fe3960173722605e9e) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
20:46:34.0023 6672	IAStorDataMgrSvc - ok
20:46:34.0033 6672	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
20:46:34.0043 6672	iaStorV - ok
20:46:34.0047 6672	IDriverT        (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
20:46:34.0050 6672	IDriverT ( UnsignedFile.Multi.Generic ) - warning
20:46:34.0051 6672	IDriverT - detected UnsignedFile.Multi.Generic (1)
20:46:34.0078 6672	idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:46:34.0096 6672	idsvc - ok
20:46:34.0122 6672	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
20:46:34.0128 6672	iirsp - ok
20:46:34.0147 6672	IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
20:46:34.0176 6672	IKEEXT - ok
20:46:34.0244 6672	IntcAzAudAddService (e8017f1662d9142f45ceab694d013c00) C:\Windows\system32\drivers\RTKVHD64.sys
20:46:34.0273 6672	IntcAzAudAddService - ok
20:46:34.0299 6672	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
20:46:34.0306 6672	intelide - ok
20:46:34.0309 6672	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
20:46:34.0317 6672	intelppm - ok
20:46:34.0321 6672	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
20:46:34.0343 6672	IPBusEnum - ok
20:46:34.0348 6672	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:46:34.0369 6672	IpFilterDriver - ok
20:46:34.0384 6672	iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
20:46:34.0410 6672	iphlpsvc - ok
20:46:34.0414 6672	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
20:46:34.0423 6672	IPMIDRV - ok
20:46:34.0428 6672	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
20:46:34.0452 6672	IPNAT - ok
20:46:34.0476 6672	iPod Service    (a9ab99ee7d39725eafec82732d2b3271) C:\Program Files\iPod\bin\iPodService.exe
20:46:34.0491 6672	iPod Service - ok
20:46:34.0494 6672	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
20:46:34.0511 6672	IRENUM - ok
20:46:34.0515 6672	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
20:46:34.0521 6672	isapnp - ok
20:46:34.0529 6672	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
20:46:34.0539 6672	iScsiPrt - ok
20:46:34.0543 6672	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
20:46:34.0549 6672	kbdclass - ok
20:46:34.0552 6672	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
20:46:34.0560 6672	kbdhid - ok
20:46:34.0563 6672	KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:46:34.0569 6672	KeyIso - ok
20:46:34.0573 6672	KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
20:46:34.0580 6672	KSecDD - ok
20:46:34.0586 6672	KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
20:46:34.0593 6672	KSecPkg - ok
20:46:34.0596 6672	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
20:46:34.0617 6672	ksthunk - ok
20:46:34.0629 6672	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
20:46:34.0655 6672	KtmRm - ok
20:46:34.0664 6672	LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
20:46:34.0687 6672	LanmanServer - ok
20:46:34.0693 6672	LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
20:46:34.0716 6672	LanmanWorkstation - ok
20:46:34.0720 6672	LGBusEnum       (db164eb571fd118d277d939510b0f562) C:\Windows\system32\drivers\LGBusEnum.sys
20:46:34.0725 6672	LGBusEnum - ok
20:46:34.0729 6672	LGSHidFilt      (1af3a5a9bc310c88f2efcebd08d381ab) C:\Windows\system32\DRIVERS\LGSHidFilt.Sys
20:46:34.0735 6672	LGSHidFilt - ok
20:46:34.0738 6672	LGVirHid        (94b29ce153765e768f004fb3440be2b0) C:\Windows\system32\drivers\LGVirHid.sys
20:46:34.0742 6672	LGVirHid - ok
20:46:34.0748 6672	LightScribeService (3503f257b3203f824b1567238ebe17e2) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
20:46:34.0751 6672	LightScribeService ( UnsignedFile.Multi.Generic ) - warning
20:46:34.0751 6672	LightScribeService - detected UnsignedFile.Multi.Generic (1)
20:46:34.0755 6672	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
20:46:34.0777 6672	lltdio - ok
20:46:34.0787 6672	lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
20:46:34.0811 6672	lltdsvc - ok
20:46:34.0814 6672	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
20:46:34.0836 6672	lmhosts - ok
20:46:34.0842 6672	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
20:46:34.0850 6672	LSI_FC - ok
20:46:34.0855 6672	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
20:46:34.0862 6672	LSI_SAS - ok
20:46:34.0866 6672	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:46:34.0873 6672	LSI_SAS2 - ok
20:46:34.0878 6672	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:46:34.0885 6672	LSI_SCSI - ok
20:46:34.0891 6672	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
20:46:34.0913 6672	luafv - ok
20:46:34.0923 6672	LVRS64          (0c85b2b6fb74b36a251792d45e0ef860) C:\Windows\system32\DRIVERS\lvrs64.sys
20:46:34.0933 6672	LVRS64 - ok
20:46:35.0033 6672	LVUVC64         (ff3a488924b0032b1a9ca6948c1fa9e8) C:\Windows\system32\DRIVERS\lvuvc64.sys
20:46:35.0084 6672	LVUVC64 - ok
20:46:35.0112 6672	MBAMProtector   (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
20:46:35.0118 6672	MBAMProtector - ok
20:46:35.0136 6672	MBAMService     (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
20:46:35.0148 6672	MBAMService - ok
20:46:35.0153 6672	Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
20:46:35.0162 6672	Mcx2Svc - ok
20:46:35.0165 6672	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
20:46:35.0171 6672	megasas - ok
20:46:35.0181 6672	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
20:46:35.0191 6672	MegaSR - ok
20:46:35.0195 6672	MEIx64          (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
20:46:35.0200 6672	MEIx64 - ok
20:46:35.0205 6672	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
20:46:35.0228 6672	MMCSS - ok
20:46:35.0231 6672	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
20:46:35.0253 6672	Modem - ok
20:46:35.0256 6672	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
20:46:35.0265 6672	monitor - ok
20:46:35.0268 6672	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
20:46:35.0274 6672	mouclass - ok
20:46:35.0277 6672	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
20:46:35.0285 6672	mouhid - ok
20:46:35.0290 6672	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
20:46:35.0296 6672	mountmgr - ok
20:46:35.0303 6672	MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
20:46:35.0309 6672	MozillaMaintenance - ok
20:46:35.0316 6672	MpFilter        (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys
20:46:35.0324 6672	MpFilter - ok
20:46:35.0330 6672	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
20:46:35.0338 6672	mpio - ok
20:46:35.0342 6672	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
20:46:35.0364 6672	mpsdrv - ok
20:46:35.0390 6672	MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
20:46:35.0419 6672	MpsSvc - ok
20:46:35.0425 6672	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
20:46:35.0436 6672	MRxDAV - ok
20:46:35.0442 6672	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:46:35.0451 6672	mrxsmb - ok
20:46:35.0460 6672	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:46:35.0469 6672	mrxsmb10 - ok
20:46:35.0473 6672	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:46:35.0480 6672	mrxsmb20 - ok
20:46:35.0483 6672	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
20:46:35.0489 6672	msahci - ok
20:46:35.0494 6672	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
20:46:35.0502 6672	msdsm - ok
20:46:35.0508 6672	MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
20:46:35.0517 6672	MSDTC - ok
20:46:35.0522 6672	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
20:46:35.0543 6672	Msfs - ok
20:46:35.0546 6672	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
20:46:35.0567 6672	mshidkmdf - ok
20:46:35.0569 6672	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
20:46:35.0575 6672	msisadrv - ok
20:46:35.0581 6672	MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
20:46:35.0604 6672	MSiSCSI - ok
20:46:35.0606 6672	msiserver - ok
20:46:35.0609 6672	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
20:46:35.0630 6672	MSKSSRV - ok
20:46:35.0635 6672	MsMpSvc         (59faaf2c83c8169ea20f9e335e418907) C:\Program Files\Microsoft Security Client\MsMpEng.exe
20:46:35.0641 6672	MsMpSvc - ok
20:46:35.0643 6672	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
20:46:35.0664 6672	MSPCLOCK - ok
20:46:35.0666 6672	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
20:46:35.0688 6672	MSPQM - ok
20:46:35.0701 6672	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
20:46:35.0711 6672	MsRPC - ok
20:46:35.0716 6672	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
20:46:35.0721 6672	mssmbios - ok
20:46:35.0724 6672	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
20:46:35.0745 6672	MSTEE - ok
20:46:35.0747 6672	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
20:46:35.0754 6672	MTConfig - ok
20:46:35.0757 6672	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
20:46:35.0763 6672	Mup - ok
20:46:35.0777 6672	napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
20:46:35.0803 6672	napagent - ok
20:46:35.0814 6672	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
20:46:35.0826 6672	NativeWifiP - ok
20:46:35.0854 6672	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
20:46:35.0871 6672	NDIS - ok
20:46:35.0875 6672	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
20:46:35.0896 6672	NdisCap - ok
20:46:35.0899 6672	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
20:46:35.0920 6672	NdisTapi - ok
20:46:35.0924 6672	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
20:46:35.0945 6672	Ndisuio - ok
20:46:35.0952 6672	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
20:46:35.0974 6672	NdisWan - ok
20:46:35.0978 6672	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
20:46:35.0999 6672	NDProxy - ok
20:46:36.0002 6672	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
20:46:36.0023 6672	NetBIOS - ok
20:46:36.0032 6672	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
20:46:36.0055 6672	NetBT - ok
20:46:36.0059 6672	Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:46:36.0066 6672	Netlogon - ok
20:46:36.0077 6672	Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
20:46:36.0102 6672	Netman - ok
20:46:36.0112 6672	NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:46:36.0118 6672	NetMsmqActivator - ok
20:46:36.0120 6672	NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:46:36.0125 6672	NetPipeActivator - ok
20:46:36.0141 6672	netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
20:46:36.0167 6672	netprofm - ok
20:46:36.0195 6672	netr28ux        (618c55b392238b9467f9113e13525c49) C:\Windows\system32\DRIVERS\netr28ux.sys
20:46:36.0211 6672	netr28ux - ok
20:46:36.0221 6672	NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:46:36.0227 6672	NetTcpActivator - ok
20:46:36.0229 6672	NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:46:36.0234 6672	NetTcpPortSharing - ok
20:46:36.0239 6672	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
20:46:36.0246 6672	nfrd960 - ok
20:46:36.0250 6672	NisDrv          (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
20:46:36.0256 6672	NisDrv - ok
20:46:36.0266 6672	NisSrv          (10a43829a9e606af3eef25a1c1665923) C:\Program Files\Microsoft Security Client\NisSrv.exe
20:46:36.0275 6672	NisSrv - ok
20:46:36.0287 6672	NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
20:46:36.0311 6672	NlaSvc - ok
20:46:36.0314 6672	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
20:46:36.0336 6672	Npfs - ok
20:46:36.0339 6672	nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
20:46:36.0360 6672	nsi - ok
20:46:36.0363 6672	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
20:46:36.0384 6672	nsiproxy - ok
20:46:36.0434 6672	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
20:46:36.0461 6672	Ntfs - ok
20:46:36.0487 6672	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
20:46:36.0507 6672	Null - ok
20:46:36.0514 6672	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
20:46:36.0521 6672	nvraid - ok
20:46:36.0527 6672	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
20:46:36.0535 6672	nvstor - ok
20:46:36.0541 6672	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
20:46:36.0548 6672	nv_agp - ok
20:46:36.0564 6672	odserv          (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:46:36.0574 6672	odserv - ok
20:46:36.0578 6672	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
20:46:36.0586 6672	ohci1394 - ok
20:46:36.0592 6672	ose             (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:46:36.0598 6672	ose - ok
20:46:36.0707 6672	osppsvc         (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
20:46:36.0767 6672	osppsvc - ok
20:46:36.0799 6672	p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
20:46:36.0810 6672	p2pimsvc - ok
20:46:36.0825 6672	p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
20:46:36.0837 6672	p2psvc - ok
20:46:36.0845 6672	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
20:46:36.0853 6672	Parport - ok
20:46:36.0857 6672	partmgr         (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
20:46:36.0863 6672	partmgr - ok
20:46:36.0870 6672	PassThru Service (afada8b97be3c9398dc6c770409c3544) C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
20:46:36.0908 6672	PassThru Service ( UnsignedFile.Multi.Generic ) - warning
20:46:36.0908 6672	PassThru Service - detected UnsignedFile.Multi.Generic (1)
20:46:36.0916 6672	PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
20:46:36.0929 6672	PcaSvc - ok
20:46:36.0937 6672	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
20:46:36.0946 6672	pci - ok
20:46:36.0948 6672	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
20:46:36.0955 6672	pciide - ok
20:46:36.0961 6672	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
20:46:36.0970 6672	pcmcia - ok
20:46:36.0973 6672	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
20:46:36.0979 6672	pcw - ok
20:46:36.0998 6672	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
20:46:37.0026 6672	PEAUTH - ok
20:46:37.0057 6672	PeerDistSvc     (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
20:46:37.0077 6672	PeerDistSvc - ok
20:46:37.0098 6672	PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
20:46:37.0106 6672	PerfHost - ok
20:46:37.0162 6672	pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
20:46:37.0196 6672	pla - ok
20:46:37.0211 6672	PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
20:46:37.0223 6672	PlugPlay - ok
20:46:37.0225 6672	PnkBstrA - ok
20:46:37.0229 6672	PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
20:46:37.0237 6672	PNRPAutoReg - ok
20:46:37.0248 6672	PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
20:46:37.0257 6672	PNRPsvc - ok
20:46:37.0264 6672	Point64         (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys
20:46:37.0269 6672	Point64 - ok
20:46:37.0285 6672	PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
20:46:37.0312 6672	PolicyAgent - ok
20:46:37.0320 6672	Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
20:46:37.0343 6672	Power - ok
20:46:37.0349 6672	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
20:46:37.0370 6672	PptpMiniport - ok
20:46:37.0375 6672	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
20:46:37.0382 6672	Processor - ok
20:46:37.0389 6672	ProfSvc         (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
20:46:37.0398 6672	ProfSvc - ok
20:46:37.0401 6672	ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:46:37.0407 6672	ProtectedStorage - ok
20:46:37.0413 6672	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
20:46:37.0436 6672	Psched - ok
20:46:37.0440 6672	PxHlpa64        (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
20:46:37.0445 6672	PxHlpa64 - ok
20:46:37.0483 6672	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
20:46:37.0509 6672	ql2300 - ok
20:46:37.0537 6672	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
20:46:37.0545 6672	ql40xx - ok
20:46:37.0553 6672	QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
20:46:37.0566 6672	QWAVE - ok
20:46:37.0570 6672	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
20:46:37.0580 6672	QWAVEdrv - ok
20:46:37.0582 6672	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
20:46:37.0604 6672	RasAcd - ok
20:46:37.0608 6672	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
20:46:37.0629 6672	RasAgileVpn - ok
20:46:37.0634 6672	RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
20:46:37.0657 6672	RasAuto - ok
20:46:37.0663 6672	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:46:37.0685 6672	Rasl2tp - ok
20:46:37.0695 6672	RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
20:46:37.0719 6672	RasMan - ok
20:46:37.0724 6672	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
20:46:37.0747 6672	RasPppoe - ok
20:46:37.0751 6672	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
20:46:37.0773 6672	RasSstp - ok
20:46:37.0784 6672	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
20:46:37.0808 6672	rdbss - ok
20:46:37.0810 6672	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
20:46:37.0819 6672	rdpbus - ok
20:46:37.0822 6672	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:46:37.0843 6672	RDPCDD - ok
20:46:37.0850 6672	RDPDR           (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
20:46:37.0858 6672	RDPDR - ok
20:46:37.0861 6672	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
20:46:37.0883 6672	RDPENCDD - ok
20:46:37.0886 6672	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
20:46:37.0907 6672	RDPREFMP - ok
20:46:37.0913 6672	RDPWD           (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
20:46:37.0922 6672	RDPWD - ok
20:46:37.0930 6672	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
20:46:37.0939 6672	rdyboost - ok
20:46:37.0943 6672	RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
20:46:37.0966 6672	RemoteAccess - ok
20:46:37.0973 6672	RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
20:46:37.0995 6672	RemoteRegistry - ok
20:46:37.0999 6672	RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
20:46:38.0021 6672	RpcEptMapper - ok
20:46:38.0024 6672	RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
20:46:38.0031 6672	RpcLocator - ok
20:46:38.0049 6672	RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
20:46:38.0073 6672	RpcSs - ok
20:46:38.0078 6672	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
20:46:38.0101 6672	rspndr - ok
20:46:38.0112 6672	RTL8167         (4b42bc58294e83a6a92ec8b88c14c4a3) C:\Windows\system32\DRIVERS\Rt64win7.sys
20:46:38.0120 6672	RTL8167 - ok
20:46:38.0122 6672	s3cap           (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
20:46:38.0129 6672	s3cap - ok
20:46:38.0132 6672	SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:46:38.0138 6672	SamSs - ok
20:46:38.0143 6672	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
20:46:38.0150 6672	sbp2port - ok
20:46:38.0156 6672	SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
20:46:38.0179 6672	SCardSvr - ok
20:46:38.0182 6672	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
20:46:38.0203 6672	scfilter - ok
20:46:38.0235 6672	Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
20:46:38.0267 6672	Schedule - ok
20:46:38.0272 6672	SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
20:46:38.0293 6672	SCPolicySvc - ok
20:46:38.0300 6672	SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
20:46:38.0310 6672	SDRSVC - ok
20:46:38.0317 6672	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
20:46:38.0338 6672	secdrv - ok
20:46:38.0342 6672	seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
20:46:38.0363 6672	seclogon - ok
20:46:38.0368 6672	SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
20:46:38.0391 6672	SENS - ok
20:46:38.0394 6672	SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
20:46:38.0402 6672	SensrSvc - ok
20:46:38.0405 6672	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
20:46:38.0413 6672	Serenum - ok
20:46:38.0417 6672	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
20:46:38.0424 6672	Serial - ok
20:46:38.0427 6672	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
20:46:38.0434 6672	sermouse - ok
20:46:38.0442 6672	SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
20:46:38.0464 6672	SessionEnv - ok
20:46:38.0467 6672	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
20:46:38.0476 6672	sffdisk - ok
20:46:38.0478 6672	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
20:46:38.0487 6672	sffp_mmc - ok
20:46:38.0489 6672	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
20:46:38.0498 6672	sffp_sd - ok
20:46:38.0501 6672	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
20:46:38.0508 6672	sfloppy - ok
20:46:38.0519 6672	SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
20:46:38.0544 6672	SharedAccess - ok
20:46:38.0557 6672	ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
20:46:38.0582 6672	ShellHWDetection - ok
20:46:38.0586 6672	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:46:38.0593 6672	SiSRaid2 - ok
20:46:38.0596 6672	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
20:46:38.0603 6672	SiSRaid4 - ok
20:46:38.0672 6672	Skype C2C Service (4ca43b85f22c7739311788b651a779cb) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
20:46:38.0711 6672	Skype C2C Service - ok
20:46:38.0720 6672	SkypeUpdate     (c70aebd3608ed9fcea2a1bae83567ffc) C:\Program Files (x86)\Skype\Updater\Updater.exe
20:46:38.0726 6672	SkypeUpdate - ok
20:46:38.0754 6672	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
20:46:38.0777 6672	Smb - ok
20:46:38.0782 6672	SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
20:46:38.0790 6672	SNMPTRAP - ok
20:46:38.0793 6672	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
20:46:38.0799 6672	spldr - ok
20:46:38.0817 6672	Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
20:46:38.0844 6672	Spooler - ok
20:46:38.0946 6672	sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
20:46:39.0002 6672	sppsvc - ok
20:46:39.0027 6672	sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
20:46:39.0049 6672	sppuinotify - ok
20:46:39.0052 6672	sptd - ok
20:46:39.0071 6672	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
20:46:39.0083 6672	srv - ok
20:46:39.0094 6672	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
20:46:39.0105 6672	srv2 - ok
20:46:39.0112 6672	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
20:46:39.0121 6672	srvnet - ok
20:46:39.0129 6672	SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
20:46:39.0153 6672	SSDPSRV - ok
20:46:39.0157 6672	SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
20:46:39.0180 6672	SstpSvc - ok
20:46:39.0184 6672	Steam Client Service - ok
20:46:39.0188 6672	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
20:46:39.0194 6672	stexstor - ok
20:46:39.0209 6672	stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
20:46:39.0225 6672	stisvc - ok
20:46:39.0229 6672	storflt         (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
20:46:39.0235 6672	storflt - ok
20:46:39.0238 6672	StorSvc         (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
20:46:39.0245 6672	StorSvc - ok
20:46:39.0248 6672	storvsc         (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
20:46:39.0254 6672	storvsc - ok
20:46:39.0256 6672	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
20:46:39.0262 6672	swenum - ok
20:46:39.0278 6672	swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
20:46:39.0306 6672	swprv - ok
20:46:39.0350 6672	SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
20:46:39.0377 6672	SysMain - ok
20:46:39.0400 6672	TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
20:46:39.0411 6672	TabletInputService - ok
20:46:39.0423 6672	TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
20:46:39.0449 6672	TapiSrv - ok
20:46:39.0453 6672	TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
20:46:39.0476 6672	TBS - ok
20:46:39.0521 6672	Tcpip           (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
20:46:39.0548 6672	Tcpip - ok
20:46:39.0610 6672	TCPIP6          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
20:46:39.0633 6672	TCPIP6 - ok
20:46:39.0657 6672	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
20:46:39.0678 6672	tcpipreg - ok
20:46:39.0682 6672	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
20:46:39.0689 6672	TDPIPE - ok
20:46:39.0691 6672	TDTCP           (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
20:46:39.0698 6672	TDTCP - ok
20:46:39.0704 6672	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
20:46:39.0725 6672	tdx - ok
20:46:39.0730 6672	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
20:46:39.0736 6672	TermDD - ok
20:46:39.0753 6672	TermService     (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
20:46:39.0779 6672	TermService - ok
20:46:39.0783 6672	Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
20:46:39.0794 6672	Themes - ok
20:46:39.0799 6672	THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
20:46:39.0820 6672	THREADORDER - ok
20:46:39.0827 6672	TomTomHOMEService (f3d82327f5f57973e177438a22501c77) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
20:46:39.0832 6672	TomTomHOMEService - ok
20:46:39.0838 6672	TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
20:46:39.0860 6672	TrkWks - ok
20:46:39.0869 6672	TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
20:46:39.0890 6672	TrustedInstaller - ok
20:46:39.0897 6672	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:46:39.0917 6672	tssecsrv - ok
20:46:39.0921 6672	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
20:46:39.0928 6672	TsUsbFlt - ok
20:46:39.0934 6672	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
20:46:39.0957 6672	tunnel - ok
20:46:39.0960 6672	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
20:46:39.0967 6672	uagp35 - ok
20:46:39.0979 6672	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
20:46:40.0003 6672	udfs - ok
20:46:40.0009 6672	UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
20:46:40.0017 6672	UI0Detect - ok
20:46:40.0021 6672	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
20:46:40.0027 6672	uliagpkx - ok
20:46:40.0031 6672	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
20:46:40.0039 6672	umbus - ok
20:46:40.0041 6672	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
20:46:40.0048 6672	UmPass - ok
20:46:40.0056 6672	UmRdpService    (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
20:46:40.0064 6672	UmRdpService - ok
20:46:40.0078 6672	UMVPFSrv        (67a95b9d129ed5399e7965cd09cf30e7) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
20:46:40.0088 6672	UMVPFSrv - ok
20:46:40.0101 6672	upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
20:46:40.0127 6672	upnphost - ok
20:46:40.0131 6672	USBAAPL64       (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
20:46:40.0137 6672	USBAAPL64 - ok
20:46:40.0141 6672	usbaudio        (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
20:46:40.0150 6672	usbaudio - ok
20:46:40.0155 6672	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
20:46:40.0162 6672	usbccgp - ok
20:46:40.0167 6672	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
20:46:40.0176 6672	usbcir - ok
20:46:40.0179 6672	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
20:46:40.0186 6672	usbehci - ok
20:46:40.0196 6672	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
20:46:40.0206 6672	usbhub - ok
20:46:40.0209 6672	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
20:46:40.0215 6672	usbohci - ok
20:46:40.0218 6672	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
20:46:40.0227 6672	usbprint - ok
20:46:40.0232 6672	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:46:40.0239 6672	USBSTOR - ok
20:46:40.0242 6672	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
20:46:40.0249 6672	usbuhci - ok
20:46:40.0252 6672	UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
20:46:40.0274 6672	UxSms - ok
20:46:40.0277 6672	ValFltr         (a85b07af8b98e8c5c7711bf37910a88d) C:\Windows\system32\drivers\ValoFltr.sys
20:46:40.0283 6672	ValFltr - ok
20:46:40.0286 6672	VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:46:40.0292 6672	VaultSvc - ok
20:46:40.0295 6672	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
20:46:40.0301 6672	vdrvroot - ok
20:46:40.0316 6672	vds             (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
20:46:40.0341 6672	vds - ok
20:46:40.0345 6672	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
20:46:40.0353 6672	vga - ok
20:46:40.0356 6672	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
20:46:40.0377 6672	VgaSave - ok
20:46:40.0385 6672	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
20:46:40.0393 6672	vhdmp - ok
20:46:40.0396 6672	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
20:46:40.0402 6672	viaide - ok
20:46:40.0409 6672	vmbus           (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
20:46:40.0417 6672	vmbus - ok
20:46:40.0420 6672	VMBusHID        (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
20:46:40.0427 6672	VMBusHID - ok
20:46:40.0431 6672	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
20:46:40.0437 6672	volmgr - ok
20:46:40.0450 6672	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
20:46:40.0460 6672	volmgrx - ok
20:46:40.0471 6672	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
20:46:40.0481 6672	volsnap - ok
20:46:40.0487 6672	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
20:46:40.0495 6672	vsmraid - ok
20:46:40.0536 6672	VSS             (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
20:46:40.0572 6672	VSS - ok
20:46:40.0597 6672	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
20:46:40.0605 6672	vwifibus - ok
20:46:40.0609 6672	vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
20:46:40.0619 6672	vwififlt - ok
20:46:40.0633 6672	W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
20:46:40.0658 6672	W32Time - ok
20:46:40.0663 6672	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
20:46:40.0671 6672	WacomPen - ok
20:46:40.0677 6672	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:46:40.0698 6672	WANARP - ok
20:46:40.0700 6672	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:46:40.0721 6672	Wanarpv6 - ok
20:46:40.0762 6672	wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
20:46:40.0785 6672	wbengine - ok
20:46:40.0811 6672	WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
20:46:40.0823 6672	WbioSrvc - ok
20:46:40.0834 6672	wcncsvc         (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
20:46:40.0848 6672	wcncsvc - ok
20:46:40.0852 6672	WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
20:46:40.0860 6672	WcsPlugInService - ok
20:46:40.0866 6672	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
20:46:40.0873 6672	Wd - ok
20:46:40.0892 6672	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
20:46:40.0929 6672	Wdf01000 - ok
20:46:40.0935 6672	WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
20:46:40.0960 6672	WdiServiceHost - ok
20:46:40.0962 6672	WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
20:46:40.0973 6672	WdiSystemHost - ok
20:46:40.0982 6672	WebClient       (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
20:46:40.0995 6672	WebClient - ok
20:46:41.0005 6672	Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
20:46:41.0030 6672	Wecsvc - ok
20:46:41.0035 6672	wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
20:46:41.0057 6672	wercplsupport - ok
20:46:41.0062 6672	WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
20:46:41.0084 6672	WerSvc - ok
20:46:41.0091 6672	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
20:46:41.0112 6672	WfpLwf - ok
20:46:41.0114 6672	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
20:46:41.0121 6672	WIMMount - ok
20:46:41.0124 6672	WinDefend - ok
20:46:41.0128 6672	WinHttpAutoProxySvc - ok
20:46:41.0141 6672	Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
20:46:41.0164 6672	Winmgmt - ok
20:46:41.0170 6672	WinRing0_1_2_0  (0c0195c48b6b8582fa6f6373032118da) C:\Users\Thomas\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries25.gadget\WinRing0x64.sys
20:46:41.0182 6672	WinRing0_1_2_0 - ok
20:46:41.0227 6672	WinRM           (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
20:46:41.0265 6672	WinRM - ok
20:46:41.0294 6672	WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
20:46:41.0303 6672	WinUsb - ok
20:46:41.0329 6672	Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
20:46:41.0349 6672	Wlansvc - ok
20:46:41.0354 6672	wlcrasvc        (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
20:46:41.0359 6672	wlcrasvc - ok
20:46:41.0418 6672	wlidsvc         (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:46:41.0451 6672	wlidsvc - ok
20:46:41.0476 6672	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
20:46:41.0483 6672	WmiAcpi - ok
20:46:41.0496 6672	wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
20:46:41.0506 6672	wmiApSrv - ok
20:46:41.0510 6672	WMPNetworkSvc - ok
20:46:41.0513 6672	WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
20:46:41.0522 6672	WPCSvc - ok
20:46:41.0528 6672	WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
20:46:41.0538 6672	WPDBusEnum - ok
20:46:41.0542 6672	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
20:46:41.0562 6672	ws2ifsl - ok
20:46:41.0567 6672	wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
20:46:41.0578 6672	wscsvc - ok
20:46:41.0580 6672	WSearch - ok
20:46:41.0636 6672	wuauserv        (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
20:46:41.0669 6672	wuauserv - ok
20:46:41.0697 6672	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
20:46:41.0718 6672	WudfPf - ok
20:46:41.0725 6672	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:46:41.0746 6672	WUDFRd - ok
20:46:41.0751 6672	wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
20:46:41.0772 6672	wudfsvc - ok
20:46:41.0780 6672	WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
20:46:41.0792 6672	WwanSvc - ok
20:46:41.0807 6672	{B154377D-700F-42cc-9474-23858FBDF4BD} (74983addca2d9618512c088d856d6615) C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl
20:46:41.0813 6672	{B154377D-700F-42cc-9474-23858FBDF4BD} - ok
20:46:41.0815 6672	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
20:46:41.0891 6672	\Device\Harddisk0\DR0 - ok
20:46:41.0892 6672	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
20:46:41.0959 6672	\Device\Harddisk1\DR1 - ok
20:46:41.0961 6672	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk2\DR2
20:46:42.0031 6672	\Device\Harddisk2\DR2 - ok
20:46:42.0034 6672	Boot (0x1200)   (b18bb20dd7b41fd020027a9a4c89bfe3) \Device\Harddisk0\DR0\Partition0
20:46:42.0034 6672	\Device\Harddisk0\DR0\Partition0 - ok
20:46:42.0036 6672	Boot (0x1200)   (a64ce589bb42da13bb8a8c34e085c717) \Device\Harddisk0\DR0\Partition1
20:46:42.0037 6672	\Device\Harddisk0\DR0\Partition1 - ok
20:46:42.0038 6672	Boot (0x1200)   (9915706bad589fa1cff7e4f2b69b6e22) \Device\Harddisk1\DR1\Partition0
20:46:42.0039 6672	\Device\Harddisk1\DR1\Partition0 - ok
20:46:42.0041 6672	Boot (0x1200)   (0d18c41e63b88724a5383c947fad98f1) \Device\Harddisk2\DR2\Partition0
20:46:42.0042 6672	\Device\Harddisk2\DR2\Partition0 - ok
20:46:42.0042 6672	============================================================
20:46:42.0042 6672	Scan finished
20:46:42.0042 6672	============================================================
20:46:42.0047 7100	Detected object count: 3
20:46:42.0047 7100	Actual detected object count: 3
20:46:48.0794 7100	IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
20:46:48.0795 7100	IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:46:48.0795 7100	LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
20:46:48.0795 7100	LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:46:48.0796 7100	PassThru Service ( UnsignedFile.Multi.Generic ) - skipped by user
20:46:48.0796 7100	PassThru Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
Danke!

Alt 11.07.2012, 12:23   #11
markusg
/// Malware-holic
 
GVU-Trojaner mit Webcam - Standard

GVU-Trojaner mit Webcam



hi
lade den CCleaner standard:
CCleaner Download - CCleaner 3.20.1750
falls der CCleaner
bereits instaliert, überspringen.
instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 11.07.2012, 12:39   #12
TomK
 
GVU-Trojaner mit Webcam - Standard

GVU-Trojaner mit Webcam



Hallo,

anbei die Liste:

Code:
ATTFilter
Adobe AIR	Adobe Systems Incorporated	19.06.2012		3.2.0.2070	---> Notwendig
Adobe Community Help	Adobe Systems Incorporated.	28.11.2011		45049	---> Notwendig
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	30.06.2012	6,00MB	11.3.300.262	---> Notwendig
Adobe Flash Player ActiveX	Adobe Systems Incorporated	15.10.2011		9.0.124.0	---> Notwendig
Adobe Photoshop Elements 10	Adobe Systems Incorporated	28.11.2011	2,60GB	10.0	---> Notwendig
Adobe Reader X (10.1.3) - Deutsch	Adobe Systems Incorporated	12.04.2012	149MB	37631	---> Notwendig
Apple Application Support	Apple Inc.	17.06.2012	61,0MB	39815	---> Notwendig
Apple Mobile Device Support	Apple Inc.	17.06.2012	24,9MB	5.2.0.6	---> Unbekannt
Apple Software Update	Apple Inc.	19.03.2012	2,38MB	2.1.3.127	---> Notwendig
Assassin's Creed Revelations 1.03	Ubisoft	19.04.2012		40969	---> Notwendig
ATI Catalyst Install Manager	ATI Technologies, Inc.	20.04.2012	22,4MB	3.0.829.0	---> Notwendig
Battlefield 3™	Electronic Arts	26.10.2011		1.0.0.0	---> Notwendig
Battlelog Web Plugins	EA Digital Illusions CE AB	27.03.2012		1.118.0	---> Notwendig
Bonjour	Apple Inc.	19.03.2012	2,00MB	3.0.0.10	---> Notwendig
CCleaner	Piriform	22.06.2012		43891	---> Notwendig
Cisco Systems VPN Client 5.0.07.0290		10.11.2011	10,6MB		---> Notwendig
Command & Conquer™ Alarmstufe Rot 3	Electronic Arts	15.10.2011	8,22GB	1.0.1.0	---> Notwendig
Core Temp 1.0 RC2	Alcpu	15.10.2011	2,30MB	1.0	---> Notwendig
CyberLink BD Advisor 2.0		17.10.2011			---> Notwendig
CyberLink Blu-ray Disc Suite	CyberLink Corp.	17.10.2011	38,4MB	7.0.2407	---> Notwendig
CyberLink InstantBurn	CyberLink Corp.	17.10.2011		5.0.6210	---> Notwendig
CyberLink LabelPrint	CyberLink Corp.	17.10.2011	127MB	264193	---> Notwendig
CyberLink MediaShow	CyberLink Corp.	17.10.2011	250MB	5.0.1423	---> Notwendig
CyberLink Power2Go	CyberLink Corp.	17.10.2011	121MB	694698	---> Notwendig
CyberLink PowerBackup	CyberLink Corp.	17.10.2011		1506018	---> Notwendig
CyberLink PowerDVD 9	CyberLink Corp.	17.10.2011	182MB	9.0.2519.50	---> Notwendig
CyberLink PowerProducer	CyberLink Corp.	17.10.2011	175MB	5.0.2.2429	---> Notwendig
DAEMON Tools Lite	DT Soft Ltd	14.10.2011		4.41.3.0173	---> Notwendig
Day of Defeat: Source	Valve	15.10.2011			---> Notwendig
Diablo III	Blizzard Entertainment	11.07.2012		1.0.3.10485	---> Notwendig
Die Sims™ 3	Electronic Arts	20.05.2012		1.33.2	---> Notwendig
Die Sims™ 3 Design-Garten-Accessoires	Electronic Arts	15.10.2011		7.0.55	---> Notwendig
Die Sims™ 3 Einfach tierisch	Electronic Arts	26.10.2011		10.0.96	---> Notwendig
Die Sims™ 3 Gib Gas-Accessoires	Electronic Arts	15.10.2011		5.0.44	---> Notwendig
Die Sims™ 3 Late Night	Electronic Arts	15.10.2011		6.0.81	---> Notwendig
Die Sims™ 3 Lebensfreude	Electronic Arts	15.10.2011		8.0.152	---> Notwendig
Die Sims™ 3 Luxus-Accessoires	Electronic Arts	15.10.2011		3.0.38	---> Notwendig
Die Sims™ 3 Reiseabenteuer	Electronic Arts	15.10.2011		2.0.86	---> Notwendig
Die Sims™ 3 Stadt-Accessoires	Electronic Arts	15.10.2011		9.0.73	---> Notwendig
Die Sims™ 3 Traumkarrieren	Electronic Arts	20.05.2012		4.0.87	---> Notwendig
Direct MP3 Joiner version 3.0.2.9	Piston Software	08.02.2012	4,25MB	3.0.2.9	---> Notwendig
DiRT2	Codemasters	15.10.2011		1.00.0000	---> Notwendig
Dropbox	Dropbox, Inc.	02.06.2012		39173	---> Notwendig
Dungeon Defenders		16.04.2012			---> Notwendig
Dungeon Defenders Demo		09.04.2012			---> Notwendig
Enterprise Architect 9.3  - 30 Day Trial Edition	Sparx Systems	20.04.2012	174MB	9.3.931.22 	---> Notwendig
ESN Sonar	ESN Social Software AB	14.03.2012		0.70.4	---> Notwendig
Etron USB3.0 Host Controller	Etron Technology	14.10.2011	5,12MB	0.96	---> Notwendig
Free M4a to MP3 Converter 7.0	ManiacTools.com	10.02.2012	3,95MB		---> Notwendig
FreePDF (Remove only)		11.05.2012			---> Notwendig
FW LiveUpdate	SAMSUNG	17.10.2011		2.0.6.2	---> Notwendig
GPL Ghostscript	Artifex Software Inc.	17.10.2011		41008	---> Notwendig
Grand Theft Auto IV	Rockstar Games	15.10.2011		1.00.0000	---> Notwendig
Half-Life(R) 2	Valve	15.10.2011	6,17GB	1.0.0.0	---> Notwendig
Hardcopy (C:\Program Files (x86)\Hardcopy)	www.hardcopy.de	20.05.2012		40999	---> Notwendig
HTC BMP USB Driver	HTC	19.06.2012	284KB	1.0.5375	---> Notwendig
HTC Driver Installer	HTC Corporation	19.06.2012	2,09MB	3.0.0.021	---> Notwendig
HTC Sync	HTC Corporation	19.06.2012	47,0MB	43864	---> Notwendig
Intel(R) Management Engine Components	Intel Corporation	14.10.2011		7.0.0.1144	---> Notwendig
Intel(R) Rapid Storage Technology	Intel Corporation	14.10.2011		10.1.0.1008	---> Notwendig
iTunes	Apple Inc.	17.06.2012	182MB	10.6.3.25	---> Notwendig
Java(TM) 6 Update 26	Oracle	16.10.2011	94,9MB	6.0.260	---> Notwendig
Java(TM) 7	Oracle	16.10.2011	98,9MB	7.0.0	---> Notwendig
Java(TM) 7 Update 4 (64-bit)	Oracle	12.06.2012	95,0MB	7.0.40	---> Notwendig
LaCie Ethernet Agent 1.0	LaCie SA	14.10.2011		1.0	---> Notwendig
LaCie Network Assistant 1.5.2.59	LaCie	16.10.2011		1.5.2.59	---> Notwendig
LightScribe System Software	LightScribe	17.10.2011	24,0MB	1.18.11.1	---> Notwendig
Logitech GamePanel Software 3.03.133	Logitech Inc.	10.03.2012	53,8MB	3.03.133	---> Notwendig
Logitech Gaming Software 8.20	Logitech Inc.	26.12.2011	76,6MB	8.20.74	---> Notwendig
Logitech Webcam-Software	Logitech Inc.	10.03.2012		11355	---> Notwendig
Malwarebytes Anti-Malware Version 1.61.0.1400	Malwarebytes Corporation	04.07.2012	18,0MB	1.61.0.1400	---> Notwendig
Mass Effect™ 3 Demo	Electronic Arts	18.02.2012		1.0.0.0	---> Notwendig
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	14.10.2011	38,8MB	4.0.30319	---> Notwendig
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	14.10.2011	2,93MB	4.0.30319	---> Notwendig
Microsoft .NET Framework 4 Extended	Microsoft Corporation	06.05.2012	51,9MB	4.0.30319	---> Notwendig
Microsoft Flight		07.04.2012			---> Notwendig
Microsoft Games for Windows - LIVE Redistributable	Microsoft Corporation	15.10.2011	31,3MB	3.5.88.0	---> Notwendig
Microsoft Games for Windows Marketplace	Microsoft Corporation	15.10.2011	6,03MB	3.5.50.0	---> Notwendig
Microsoft IntelliPoint 8.2	Microsoft Corporation	14.10.2011		8.20.468.0	---> Notwendig
Microsoft Office Outlook Connector	Microsoft Corporation	14.10.2011	3,38MB	14.0.6106.5001	---> Notwendig
Microsoft Office Professional 2010	Microsoft Corporation	26.04.2012		14.0.6029.1000	---> Notwendig
Microsoft Office Project Professional 2007	Microsoft Corporation	21.04.2012		12.0.6612.1000	---> Notwendig
Microsoft redistributable runtime DLLs VS2005 SP1(x86)	SAP	17.11.2011	308KB	8.0.50727.4053	---> Notwendig
Microsoft redistributable runtime DLLs VS2008 SP1(x86)	SAP AG	17.11.2011	4,62MB	9.0	---> Notwendig
Microsoft Security Essentials	Microsoft Corporation	24.04.2012		4.0.1526.0	---> Notwendig
Microsoft Silverlight	Microsoft Corporation	14.05.2012	50,6MB	5.1.10411.0	---> Notwendig
Microsoft SQL Server 2005 Compact Edition [ENU]	Microsoft Corporation	14.10.2011	1,69MB	3.1.0000	---> Notwendig
Microsoft Visio Professional 2010	Microsoft Corporation	15.10.2011		14.0.6029.1000	---> Notwendig
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053	Microsoft Corporation	24.01.2012	260KB	8.0.50727.4053	---> Notwendig
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053	Microsoft Corporation	24.01.2012	250KB	8.0.50727.4053	---> Notwendig
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	15.10.2011	300KB	8.0.56336	---> Notwendig
Microsoft Visual C++ 2005 Redistributable (x64)	Microsoft Corporation	15.01.2012	572KB	8.0.61000	---> Notwendig
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17	Microsoft Corporation	29.10.2011	788KB	9.0.30729	---> Notwendig
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161	Microsoft Corporation	30.10.2011	788KB	9.0.30729.6161	---> Notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022	Microsoft Corporation	16.10.2011	2,06MB	9.0.21022	---> Notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729	Microsoft Corporation	20.10.2011	234KB	9.0.30729	---> Notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	17.10.2011	238KB	9.0.30729	---> Notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	09.04.2012	222KB	9.0.30729.4148	---> Notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	17.10.2011	600KB	9.0.30729.6161	---> Notwendig
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319	Microsoft Corporation	14.10.2011	13,7MB	10.0.30319	---> Notwendig
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	15.10.2011	15,0MB	10.0.40219	---> Notwendig
Mozilla Firefox 13.0.1 (x86 de)	Mozilla	17.06.2012	40,8MB	13.0.1	---> Notwendig
Mozilla Maintenance Service	Mozilla	17.06.2012	309KB	13.0.1	---> Notwendig
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	17.11.2011	1,28MB	4.20.9870.0	---> Unbekannt
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	18.11.2011	1,34MB	4.20.9876.0	---> Unbekannt
MSXML 4.0 SP3 Parser	Microsoft Corporation	19.06.2012	1,47MB	4.30.2100.0	---> Unbekannt
MSXML 4.0 SP3 Parser (KB973685)	Microsoft Corporation	20.06.2012	1,53MB	4.30.2107.0	---> Unbekannt
NVIDIA PhysX	NVIDIA Corporation	18.02.2012	78,9MB	9.10.0513	---> Notwendig
OpenAL		12.05.2012			---> Notwendig
Origin	Electronic Arts, Inc.	22.03.2012		8.5.0.4554	---> Notwendig
Pandasoft Video Converter	Pandasoft	06.05.2012	68,5MB	0.95.122.0	---> Notwendig
PDF-XChange Viewer	Tracker Software Products Ltd.	29.11.2011	44,5MB	2.5.199.0	---> Notwendig
PunkBuster Services	Even Balance, Inc.	18.04.2012		0.991	---> Notwendig
Rapture3D 2.3.22 Game	Blue Ripple Sound	15.10.2011			---> Unbekannt
Realtek Ethernet Controller Driver For Windows 7	Realtek	14.10.2011		7.23.623.2010	---> Notwendig
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	14.10.2011		6.0.1.6167	---> Notwendig
RedMon - Redirection Port Monitor		17.10.2011			---> Unbekannt
ROCCAT Valo Keyboard Driver		14.10.2011			---> Notwendig
SAP Business Explorer	SAP AG	17.11.2011		44013	---> Notwendig
SAP GUI for Windows 7.20	SAP	17.11.2011		7.20 Compilation 3	---> Notwendig
Skype Click to Call	Skype Technologies S.A.	15.06.2012	15,9MB	6.0.10201	---> Notwendig
Skype™ 5.9	Skype Technologies S.A.	15.06.2012	19,4MB	5.9.123	---> Notwendig
Steam(TM)	Valve	15.10.2011	16,4MB	1.0.0.0	---> Notwendig
Streamripper (Remove only)		23.12.2011			---> Notwendig
TeamSpeak 3 Client	TeamSpeak Systems GmbH	29.10.2011			---> Notwendig
TomTom HOME 2.8.3.2458	TomTom	03.01.2012		2.8.3.2458	---> Notwendig
TomTom HOME Visual Studio Merge Modules	TomTom International B.V.	03.01.2012	1,88MB	1.0.2	---> Notwendig
Ubisoft Game Launcher	UBISOFT	18.04.2012		1.0.0.0	---> Notwendig
VLC media player 1.1.11	VideoLAN	20.10.2011		40544	---> Notwendig
Winamp	Nullsoft, Inc	23.12.2011		5623	---> Notwendig
Winamp Erkennungs-Plug-in	Nullsoft, Inc	23.12.2011	75,0KB	1.0.0.1	---> Notwendig
Windows 7 Codec Pack 3.4.0	Windows 7 Codec Pack	17.10.2011		36619	---> Notwendig
Windows Live Essentials	Microsoft Corporation	14.10.2011		15.4.3538.0513	---> Notwendig
Windows Live Mesh ActiveX control for remote connections	Microsoft Corporation	14.10.2011	5,57MB	15.4.5722.2	---> Notwendig
WinRAR 4.01 (64-Bit)	win.rar GmbH	14.10.2011		36529	---> Notwendig
Xtra Controller Ex	Hercules	15.01.2012		4.0.2.1	---> Unbekannt
Xtra Controller Ex	Hercules	15.01.2012		4.0.2.1	---> Unbekannt
         
Vielen Dank!

Alt 11.07.2012, 12:42   #13
markusg
/// Malware-holic
 
GVU-Trojaner mit Webcam - Standard

GVU-Trojaner mit Webcam



deinstaliere:
Adobe Flash Player alle
Adobe - Adobe Flash Player installieren
neueste version laden
adobe reader:
Adobe - Adobe Reader herunterladen - Alle Versionen
haken bei mcafee security scan raus nehmen

bitte auch mal den adobe reader wie folgt konfigurieren:
adobe reader öffnen, bearbeiten, voreinstellungen.
allgemein:
nur zertifizierte zusatz module verwenden, anhaken.
internet:
hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc.
es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht.
bei javascript den haken bei java script verwenden raus nehmen
bei updater, automatisch instalieren wählen.
übernehmen /ok



deinstaliere:
Java: alle
Download der kostenlosen Java-Software
downloade java jre, instalieren.

deinstaliere:

öffne ccleaner, analysieren CCleaner starten.
öffne otl, cleanup, pc neustarten
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Antwort

Themen zu GVU-Trojaner mit Webcam
betriebssystem, datei, funktionier, funktioniert, gefunde, gelöscht, gvu-trojaner, gvu-trojaner mit webcam, hallo zusammen, infizierte, infizierte datei, log-datei, malewarebytes, rootkit.0access, schonmal, sofort, temp-ordner, webcam, windows, windows 7, zusammen



Ähnliche Themen: GVU-Trojaner mit Webcam


  1. GVU Trojaner hat Windows 7 gesperrt - Webcam - paysafecard oder ukash - Trojaner-Board
    Plagegeister aller Art und deren Bekämpfung - 26.06.2013 (3)
  2. GVU - Trojaner mit Webcam
    Plagegeister aller Art und deren Bekämpfung - 23.12.2012 (23)
  3. GVU-Trojaner mit Webcam
    Plagegeister aller Art und deren Bekämpfung - 25.11.2012 (3)
  4. GVU Trojaner mit Webcam
    Plagegeister aller Art und deren Bekämpfung - 21.11.2012 (4)
  5. GVU Trojaner mit Webcam
    Log-Analyse und Auswertung - 11.11.2012 (3)
  6. GVU Trojaner mit Webcam
    Log-Analyse und Auswertung - 26.10.2012 (6)
  7. GVU Trojaner mit Webcam
    Plagegeister aller Art und deren Bekämpfung - 18.09.2012 (39)
  8. GVU Trojaner mit Webcam
    Plagegeister aller Art und deren Bekämpfung - 14.09.2012 (1)
  9. GVU-Trojaner mit Webcam
    Log-Analyse und Auswertung - 11.09.2012 (9)
  10. GVU Webcam Trojaner
    Plagegeister aller Art und deren Bekämpfung - 07.09.2012 (7)
  11. GVU-Trojaner mit Webcam
    Log-Analyse und Auswertung - 03.09.2012 (14)
  12. BSI Trojaner mit Webcam
    Log-Analyse und Auswertung - 21.08.2012 (16)
  13. GVU Trojaner + Webcam
    Log-Analyse und Auswertung - 16.08.2012 (8)
  14. GVU Trojaner mit webcam
    Log-Analyse und Auswertung - 13.08.2012 (24)
  15. GVU Trojaner mit Webcam
    Plagegeister aller Art und deren Bekämpfung - 30.07.2012 (11)
  16. GVU Trojaner mit Webcam
    Plagegeister aller Art und deren Bekämpfung - 22.06.2012 (2)
  17. Webcam trojaner?
    Mülltonne - 12.02.2008 (0)

Zum Thema GVU-Trojaner mit Webcam - Hallo zusammen, habe mir den allseits-bekannten GVU-Trojaner in einem Fußball-Video (!!!) eingefangen. Pc funktioniert wieder einwandfrei, Malewarebytes hat eine infizierte Datei gefunden, die ich sofort gelöscht hab (da in TEMP-Ordner). - GVU-Trojaner mit Webcam...
Archiv
Du betrachtest: GVU-Trojaner mit Webcam auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.